├── .codemapignore ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── check.md │ ├── feature_request.md │ └── rule_bug_report.md ├── PULL_REQUEST_TEMPLATE │ └── pull_request_template.md ├── scripts │ └── validate-metadata.py ├── stale.yml └── workflows │ ├── num-rules.yml │ ├── pre-commit.yml │ ├── semgrep-rule-lints.yaml │ ├── semgrep-rules-test-develop.yml │ ├── semgrep-rules-test-historical.yml │ ├── semgrep-rules-test.yml │ ├── trigger-pro-benchmark-scan.yaml │ ├── trigger-semgrep-scanner-initiate-scan.yaml │ ├── update-semgrep-dev.yml │ ├── update-semgrep-staging-dev.yml │ └── validate-r2c-registry-metadata.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── .semgrepignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── Pipfile ├── Pipfile.lock ├── README.md ├── SECURITY.md ├── ai ├── csharp │ ├── detect-openai.cs │ └── detect-openai.yaml ├── dart │ ├── detect-gemini.dart │ └── detect-gemini.yaml ├── generic │ ├── detect-generic-ai-anthprop.txt │ ├── detect-generic-ai-anthprop.yaml │ ├── detect-generic-ai-api.js │ ├── detect-generic-ai-api.yaml │ ├── detect-generic-ai-gem.html │ ├── detect-generic-ai-gem.yaml │ ├── detect-generic-ai-oai.txt │ └── detect-generic-ai-oai.yaml ├── go │ ├── detect-gemini.go │ ├── detect-gemini.yaml │ ├── detect-openai.go │ └── detect-openai.yaml ├── kotlin │ ├── detect-gemini.kt │ └── detect-gemini.yaml ├── python │ ├── detect-anthropic.py │ ├── detect-anthropic.yaml │ ├── detect-gemini.py │ ├── detect-gemini.yaml │ ├── detect-huggingface.py │ ├── detect-huggingface.yaml │ ├── detect-langchain.py │ ├── detect-langchain.yaml │ ├── detect-mistral.py │ ├── detect-mistral.yaml │ ├── detect-openai.py │ ├── detect-openai.yaml │ ├── detect-pytorch.py │ ├── detect-pytorch.yaml │ ├── detect-tensorflow.py │ └── detect-tensorflow.yaml ├── swift │ ├── detect-apple-core-ml.swift │ ├── detect-apple-core-ml.yaml │ ├── detect-gemini.swift │ └── detect-gemini.yaml └── typescript │ ├── detect-anthropic.ts │ ├── detect-anthropic.yaml │ ├── detect-gemini.ts │ ├── detect-gemini.yaml │ ├── detect-mistral.ts │ ├── detect-mistral.yaml │ ├── detect-openai.ts │ ├── detect-openai.yaml │ ├── detect-promptfoo.ts │ ├── detect-promptfoo.yaml │ ├── detect-vercel-ai.ts │ └── detect-vercel-ai.yaml ├── apex └── lang │ ├── best-practice │ └── ncino │ │ ├── accessModifiers │ │ ├── GlobalAccessModifiers.cls │ │ └── GlobalAccessModifiers.yaml │ │ ├── tests │ │ ├── UseAssertClass.cls │ │ └── UseAssertClass.yaml │ │ └── urls │ │ ├── AbsoluteUrls.cls │ │ └── AbsoluteUrls.yaml │ ├── performance │ └── ncino │ │ └── operationsInLoops │ │ ├── AvoidNativeDmlInLoops.cls │ │ ├── AvoidNativeDmlInLoops.yaml │ │ ├── AvoidOperationsWithLimitsInLoops.cls │ │ ├── AvoidOperationsWithLimitsInLoops.yaml │ │ ├── AvoidSoqlInLoops.cls │ │ ├── AvoidSoqlInLoops.yaml │ │ ├── AvoidSoslInLoops.cls │ │ └── AvoidSoslInLoops.yaml │ └── security │ └── ncino │ ├── dml │ ├── ApexCSRFConstructor.cls │ ├── ApexCSRFConstructor.yaml │ ├── ApexCSRFStaticConstructor.cls │ ├── ApexCSRFStaticConstructor.yaml │ ├── DmlNativeStatements.cls │ └── DmlNativeStatements.yaml │ ├── encryption │ ├── BadCrypto.cls │ └── BadCrypto.yaml │ ├── endpoints │ ├── InsecureHttpRequest.cls │ ├── InsecureHttpRequest.yaml │ ├── NamedCredentialsConstantMatch.cls │ ├── NamedCredentialsConstantMatch.yaml │ ├── NamedCredentialsStringMatch.cls │ └── NamedCredentialsStringMatch.yaml │ ├── injection │ ├── ApexSOQLInjectionFromUnescapedURLParam.cls │ ├── ApexSOQLInjectionFromUnescapedURLParam.yaml │ ├── ApexSOQLInjectionUnescapedParam.cls │ └── ApexSOQLInjectionUnescapedParam.yaml │ ├── sharing │ ├── SpecifySharingLevel.cls │ └── SpecifySharingLevel.yaml │ └── system │ ├── SystemDebug.cls │ └── SystemDebug.yaml ├── bash ├── curl │ └── security │ │ ├── curl-eval.bash │ │ ├── curl-eval.yaml │ │ ├── curl-pipe-bash.bash │ │ └── curl-pipe-bash.yaml └── lang │ ├── best-practice │ ├── iteration-over-ls-output.bash │ ├── iteration-over-ls-output.yaml │ ├── useless-cat.bash │ └── useless-cat.yaml │ ├── correctness │ ├── unquoted-expansion.bash │ └── unquoted-expansion.yaml │ └── security │ ├── ifs-tampering.bash │ └── ifs-tampering.yaml ├── c └── lang │ ├── correctness │ ├── c-string-equality.c │ ├── c-string-equality.fixed.c │ ├── c-string-equality.yaml │ ├── goto-fail.c │ ├── goto-fail.yaml │ ├── incorrect-use-ato-fn.c │ ├── incorrect-use-ato-fn.yaml │ ├── incorrect-use-sscanf-fn.c │ └── incorrect-use-sscanf-fn.yaml │ └── security │ ├── double-free.c │ ├── double-free.yaml │ ├── function-use-after-free.c │ ├── function-use-after-free.yaml │ ├── info-leak-on-non-formatted-string.c │ ├── info-leak-on-non-formatted-string.yaml │ ├── insecure-use-gets-fn.c │ ├── insecure-use-gets-fn.yaml │ ├── insecure-use-memset.c │ ├── insecure-use-memset.fixed.c │ ├── insecure-use-memset.yaml │ ├── insecure-use-printf-fn.c │ ├── insecure-use-printf-fn.yaml │ ├── insecure-use-scanf-fn.c │ ├── insecure-use-scanf-fn.yaml │ ├── insecure-use-strcat-fn.c │ ├── insecure-use-strcat-fn.yaml │ ├── insecure-use-string-copy-fn.c │ ├── insecure-use-string-copy-fn.yaml │ ├── insecure-use-strtok-fn.c │ ├── insecure-use-strtok-fn.yaml │ ├── random-fd-exhaustion.c │ ├── random-fd-exhaustion.yaml │ ├── use-after-free.c │ └── use-after-free.yaml ├── clojure ├── lang │ └── security │ │ ├── command-injection-shell-call.clj │ │ ├── command-injection-shell-call.yaml │ │ ├── documentbuilderfactory-xxe.clj │ │ ├── documentbuilderfactory-xxe.yaml │ │ ├── use-of-md5.clj │ │ ├── use-of-md5.yaml │ │ ├── use-of-sha1.clj │ │ └── use-of-sha1.yaml └── security │ └── clojure-read-string │ ├── read-string-unsafe.clj │ └── read-string-unsafe.yaml ├── csharp ├── dotnet │ └── security │ │ ├── audit │ │ ├── ldap-injection.cs │ │ ├── ldap-injection.yaml │ │ ├── mass-assignment.cs │ │ ├── mass-assignment.yaml │ │ ├── misconfigured-lockout-option.cs │ │ ├── misconfigured-lockout-option.yaml │ │ ├── missing-or-broken-authorization.cs │ │ ├── missing-or-broken-authorization.yaml │ │ ├── open-directory-listing.cs │ │ ├── open-directory-listing.yaml │ │ ├── razor-use-of-htmlstring.cshtml │ │ ├── razor-use-of-htmlstring.yaml │ │ ├── xpath-injection.cs │ │ └── xpath-injection.yaml │ │ ├── mvc-missing-antiforgery.cs │ │ ├── mvc-missing-antiforgery.yaml │ │ ├── net-webconfig-debug.web.config │ │ ├── net-webconfig-debug.yaml │ │ ├── net-webconfig-trace-enabled.web.config │ │ ├── net-webconfig-trace-enabled.yaml │ │ ├── razor-template-injection.cs │ │ ├── razor-template-injection.yaml │ │ ├── use_deprecated_cipher_algorithm.cs │ │ ├── use_deprecated_cipher_algorithm.yaml │ │ ├── use_ecb_mode.cs │ │ ├── use_ecb_mode.yaml │ │ ├── use_weak_rng_for_keygeneration.cs │ │ ├── use_weak_rng_for_keygeneration.yaml │ │ ├── use_weak_rsa_encryption_padding.cs │ │ ├── use_weak_rsa_encryption_padding.yaml │ │ ├── web-config-insecure-cookie-settings.web.config │ │ └── web-config-insecure-cookie-settings.yaml ├── lang │ ├── best-practice │ │ ├── structured-logging.cs │ │ └── structured-logging.yaml │ ├── correctness │ │ ├── double │ │ │ ├── double-epsilon-equality.cs │ │ │ └── double-epsilon-equality.yaml │ │ ├── regioninfo │ │ │ ├── regioninfo-interop.cs │ │ │ └── regioninfo-interop.yaml │ │ └── sslcertificatetrust │ │ │ ├── sslcertificatetrust-handshake-no-trust.cs │ │ │ ├── sslcertificatetrust-handshake-no-trust.fixed.cs │ │ │ └── sslcertificatetrust-handshake-no-trust.yaml │ └── security │ │ ├── ad │ │ ├── jwt-tokenvalidationparameters-no-expiry-validation.cs │ │ └── jwt-tokenvalidationparameters-no-expiry-validation.yaml │ │ ├── cryptography │ │ ├── X509-subject-name-validation.cs │ │ ├── X509-subject-name-validation.yaml │ │ ├── X509Certificate2-privkey.cs │ │ ├── X509Certificate2-privkey.yaml │ │ ├── unsigned-security-token.cs │ │ └── unsigned-security-token.yaml │ │ ├── filesystem │ │ ├── unsafe-path-combine.cs │ │ └── unsafe-path-combine.yaml │ │ ├── http │ │ ├── http-listener-wildcard-bindings.cs │ │ └── http-listener-wildcard-bindings.yaml │ │ ├── injections │ │ ├── os-command.cs │ │ └── os-command.yaml │ │ ├── insecure-deserialization │ │ ├── binary-formatter.cs │ │ ├── binary-formatter.yaml │ │ ├── data-contract-resolver.cs │ │ ├── data-contract-resolver.yaml │ │ ├── fast-json.cs │ │ ├── fast-json.yaml │ │ ├── fs-pickler.cs │ │ ├── fs-pickler.yaml │ │ ├── insecure-typefilterlevel-full.cs │ │ ├── insecure-typefilterlevel-full.yaml │ │ ├── javascript-serializer.cs │ │ ├── javascript-serializer.yaml │ │ ├── los-formatter.cs │ │ ├── los-formatter.yaml │ │ ├── net-data-contract.cs │ │ ├── net-data-contract.yaml │ │ ├── newtonsoft.cs │ │ ├── newtonsoft.yaml │ │ ├── soap-formatter.cs │ │ └── soap-formatter.yaml │ │ ├── memory │ │ ├── memory-marshal-create-span.cs │ │ └── memory-marshal-create-span.yaml │ │ ├── missing-hsts-header.cs │ │ ├── missing-hsts-header.yaml │ │ ├── open-redirect.cs │ │ ├── open-redirect.yaml │ │ ├── regular-expression-dos │ │ ├── regular-expression-dos-infinite-timeout.cs │ │ ├── regular-expression-dos-infinite-timeout.yaml │ │ ├── regular-expression-dos.cs │ │ └── regular-expression-dos.yaml │ │ ├── sqli │ │ ├── csharp-sqli.cs │ │ └── csharp-sqli.yaml │ │ ├── ssrf │ │ ├── http-client.cs │ │ ├── http-client.yaml │ │ ├── rest-client.cs │ │ ├── rest-client.yaml │ │ ├── web-client.cs │ │ ├── web-client.yaml │ │ ├── web-request.cs │ │ └── web-request.yaml │ │ ├── stacktrace-disclosure.cs │ │ ├── stacktrace-disclosure.yaml │ │ └── xxe │ │ ├── xmldocument-unsafe-parser-override.cs │ │ ├── xmldocument-unsafe-parser-override.yaml │ │ ├── xmlreadersettings-unsafe-parser-override.cs │ │ ├── xmlreadersettings-unsafe-parser-override.yaml │ │ ├── xmltextreader-unsafe-defaults.cs │ │ └── xmltextreader-unsafe-defaults.yaml └── razor │ └── security │ ├── html-raw-json.cshtml │ └── html-raw-json.yaml ├── dockerfile ├── audit │ ├── dockerfile-pip-extra-index-url.dockerfile │ ├── dockerfile-pip-extra-index-url.yaml │ ├── dockerfile-source-not-pinned.dockerfile │ └── dockerfile-source-not-pinned.yaml ├── best-practice │ ├── avoid-apk-upgrade.dockerfile │ ├── avoid-apk-upgrade.yaml │ ├── avoid-apt-get-upgrade.dockerfile │ ├── avoid-apt-get-upgrade.yaml │ ├── avoid-dnf-update.dockerfile │ ├── avoid-dnf-update.yaml │ ├── avoid-latest-version.dockerfile │ ├── avoid-latest-version.yaml │ ├── avoid-platform-with-from.dockerfile │ ├── avoid-platform-with-from.yaml │ ├── avoid-yum-update.dockerfile │ ├── avoid-yum-update.yaml │ ├── avoid-zypper-update.dockerfile │ ├── avoid-zypper-update.yaml │ ├── maintainer-is-deprecated.dockerfile │ ├── maintainer-is-deprecated.fixed.dockerfile │ ├── maintainer-is-deprecated.yaml │ ├── missing-apk-no-cache.dockerfile │ ├── missing-apk-no-cache.yaml │ ├── missing-dnf-assume-yes-switch.dockerfile │ ├── missing-dnf-assume-yes-switch.yaml │ ├── missing-dnf-clean-all.dockerfile │ ├── missing-dnf-clean-all.yaml │ ├── missing-image-version.dockerfile │ ├── missing-image-version.yaml │ ├── missing-no-install-recommends.dockerfile │ ├── missing-no-install-recommends.yaml │ ├── missing-pip-no-cache-dir.dockerfile │ ├── missing-pip-no-cache-dir.yaml │ ├── missing-yum-assume-yes-switch.dockerfile │ ├── missing-yum-assume-yes-switch.yaml │ ├── missing-zypper-clean.dockerfile │ ├── missing-zypper-clean.yaml │ ├── nonsensical-command.dockerfile │ ├── nonsensical-command.yaml │ ├── prefer-apt-get.dockerfile │ ├── prefer-apt-get.yaml │ ├── prefer-copy-over-add.dockerfile │ ├── prefer-copy-over-add.yaml │ ├── prefer-json-notation.dockerfile │ ├── prefer-json-notation.yaml │ ├── remove-package-cache.dockerfile │ ├── remove-package-cache.yaml │ ├── remove-package-lists.dockerfile │ ├── remove-package-lists.yaml │ ├── set-pipefail.dockerfile │ ├── set-pipefail.yaml │ ├── use-either-wget-or-curl.dockerfile │ ├── use-either-wget-or-curl.yaml │ ├── use-shell-instruction.dockerfile │ ├── use-shell-instruction.fixed.dockerfile │ ├── use-shell-instruction.yaml │ ├── use-workdir.dockerfile │ └── use-workdir.yaml ├── correctness │ ├── invalid-port.dockerfile │ ├── invalid-port.yaml │ ├── missing-assume-yes-switch.dockerfile │ ├── missing-assume-yes-switch.yaml │ ├── multiple-entrypoint-instructions.dockerfile │ └── multiple-entrypoint-instructions.yaml └── security │ ├── dockerd-socket-mount.dockerfile │ ├── dockerd-socket-mount.yaml │ ├── last-user-is-root.dockerfile │ ├── last-user-is-root.yaml │ ├── missing-user-entrypoint.dockerfile │ ├── missing-user-entrypoint.fixed.dockerfile │ ├── missing-user-entrypoint.yaml │ ├── missing-user.dockerfile │ ├── missing-user.fixed.dockerfile │ ├── missing-user.yaml │ ├── no-sudo-in-dockerfile.dockerfile │ ├── no-sudo-in-dockerfile.yaml │ ├── secret-in-build-arg.dockerfile │ └── secret-in-build-arg.yaml ├── elixir └── lang │ ├── best-practice │ ├── deprecated-bnot-operator.exs │ ├── deprecated-bnot-operator.fixed.exs │ ├── deprecated-bnot-operator.yaml │ ├── deprecated-bxor-operator.exs │ ├── deprecated-bxor-operator.fixed.exs │ ├── deprecated-bxor-operator.yaml │ ├── deprecated-calendar-iso-day-of-week-3.exs │ ├── deprecated-calendar-iso-day-of-week-3.fixed.exs │ ├── deprecated-calendar-iso-day-of-week-3.yaml │ ├── deprecated-use-bitwise.exs │ ├── deprecated-use-bitwise.fixed.exs │ ├── deprecated-use-bitwise.yaml │ ├── enum-map-into.exs │ ├── enum-map-into.fixed.exs │ ├── enum-map-into.yaml │ ├── enum-map-join.exs │ ├── enum-map-join.fixed.exs │ └── enum-map-join.yaml │ └── correctness │ ├── atom-exhaustion.exs │ ├── atom-exhaustion.fixed.exs │ └── atom-exhaustion.yaml ├── generic ├── bicep │ └── security │ │ ├── secure-parameter-for-secrets.bicep │ │ └── secure-parameter-for-secrets.yaml ├── ci │ ├── audit │ │ └── changed-semgrepignore.yaml │ └── security │ │ ├── bash-reverse-shell.generic │ │ ├── bash-reverse-shell.yaml │ │ └── use-frozen-lockfile.fixed.generic ├── dockerfile │ ├── best-practice │ │ ├── missing-yum-clean-all.dockerfile │ │ ├── missing-yum-clean-all.yaml │ │ ├── use-absolute-workdir.dockerfile │ │ └── use-absolute-workdir.yaml │ ├── correctness │ │ ├── alias-must-be-unique.dockerfile │ │ ├── alias-must-be-unique.yaml │ │ ├── copy-from-own-alias.dockerfile │ │ ├── copy-from-own-alias.yaml │ │ ├── multiple-cmd-instructions-ok.dockerfile │ │ ├── multiple-cmd-instructions.dockerfile │ │ └── multiple-cmd-instructions.yaml │ ├── missing-zypper-no-confirm-switch.dockerfile │ └── missing-zypper-no-confirm-switch.yaml ├── gradle │ └── security │ │ ├── build-gradle-password-hardcoded.build.gradle │ │ └── build-gradle-password-hardcoded.yaml ├── html-templates │ └── security │ │ ├── unquoted-attribute-var.html │ │ ├── unquoted-attribute-var.yaml │ │ ├── var-in-href.html │ │ ├── var-in-href.mustache │ │ ├── var-in-href.yaml │ │ ├── var-in-script-src.html │ │ ├── var-in-script-src.yaml │ │ ├── var-in-script-tag.html │ │ ├── var-in-script-tag.mustache │ │ └── var-in-script-tag.yaml ├── hugo │ └── best-practice │ │ ├── invalid-base-url.toml │ │ ├── invalid-base-url.yaml │ │ ├── localhost-base-url.toml │ │ └── localhost-base-url.yaml ├── nginx │ └── security │ │ ├── alias-path-traversal.conf │ │ ├── alias-path-traversal.yaml │ │ ├── dynamic-proxy-host.conf │ │ ├── dynamic-proxy-host.yaml │ │ ├── dynamic-proxy-scheme.conf │ │ ├── dynamic-proxy-scheme.yaml │ │ ├── header-injection.conf │ │ ├── header-injection.yaml │ │ ├── header-redefinition.conf │ │ ├── header-redefinition.yaml │ │ ├── insecure-redirect.sites-available.conf │ │ ├── insecure-redirect.yaml │ │ ├── insecure-ssl-version.conf │ │ ├── insecure-ssl-version.yaml │ │ ├── missing-internal.conf │ │ ├── missing-internal.yaml │ │ ├── missing-ssl-version.conf │ │ ├── missing-ssl-version.yaml │ │ ├── possible-h2c-smuggling.conf │ │ ├── possible-h2c-smuggling.yaml │ │ ├── request-host-used.conf │ │ └── request-host-used.yaml ├── secrets │ ├── gitleaks │ │ ├── adafruit-api-key.go │ │ ├── adafruit-api-key.yaml │ │ ├── adobe-client-id.go │ │ ├── adobe-client-id.yaml │ │ ├── adobe-client-secret.go │ │ ├── adobe-client-secret.yaml │ │ ├── age-secret-key.go │ │ ├── age-secret-key.yaml │ │ ├── airtable-api-key.go │ │ ├── airtable-api-key.yaml │ │ ├── algolia-api-key.go │ │ ├── algolia-api-key.yaml │ │ ├── alibaba-access-key-id.go │ │ ├── alibaba-access-key-id.yaml │ │ ├── alibaba-secret-key.go │ │ ├── alibaba-secret-key.yaml │ │ ├── asana-client-id.go │ │ ├── asana-client-id.yaml │ │ ├── asana-client-secret.go │ │ ├── asana-client-secret.yaml │ │ ├── atlassian-api-token.go │ │ ├── atlassian-api-token.yaml │ │ ├── authress-service-client-access-key.txt │ │ ├── authress-service-client-access-key.yaml │ │ ├── aws-access-token.go │ │ ├── aws-access-token.yaml │ │ ├── beamer-api-token.go │ │ ├── beamer-api-token.yaml │ │ ├── bitbucket-client-id.go │ │ ├── bitbucket-client-id.yaml │ │ ├── bitbucket-client-secret.go │ │ ├── bitbucket-client-secret.yaml │ │ ├── bittrex-access-key.go │ │ ├── bittrex-access-key.yaml │ │ ├── bittrex-secret-key.go │ │ ├── bittrex-secret-key.yaml │ │ ├── clojars-api-token.go │ │ ├── clojars-api-token.yaml │ │ ├── cloudflare-api-key.yaml │ │ ├── cloudflare-global-api-key.yaml │ │ ├── cloudflare-origin-ca-key.yaml │ │ ├── codecov-access-token.go │ │ ├── codecov-access-token.yaml │ │ ├── coinbase-access-token.go │ │ ├── coinbase-access-token.yaml │ │ ├── confluent-access-token.go │ │ ├── confluent-access-token.yaml │ │ ├── confluent-secret-key.go │ │ ├── confluent-secret-key.yaml │ │ ├── contentful-delivery-api-token.go │ │ ├── contentful-delivery-api-token.yaml │ │ ├── databricks-api-token.go │ │ ├── databricks-api-token.yaml │ │ ├── datadog-access-token.go │ │ ├── datadog-access-token.yaml │ │ ├── defined-networking-api-token.txt │ │ ├── defined-networking-api-token.yaml │ │ ├── digitalocean-access-token.go │ │ ├── digitalocean-access-token.yaml │ │ ├── digitalocean-pat.go │ │ ├── digitalocean-pat.yaml │ │ ├── digitalocean-refresh-token.go │ │ ├── digitalocean-refresh-token.yaml │ │ ├── discord-api-token.go │ │ ├── discord-api-token.yaml │ │ ├── discord-client-id.go │ │ ├── discord-client-id.yaml │ │ ├── discord-client-secret.go │ │ ├── discord-client-secret.yaml │ │ ├── doppler-api-token.go │ │ ├── doppler-api-token.yaml │ │ ├── droneci-access-token.go │ │ ├── droneci-access-token.yaml │ │ ├── dropbox-api-token.go │ │ ├── dropbox-api-token.yaml │ │ ├── dropbox-long-lived-api-token.go │ │ ├── dropbox-long-lived-api-token.yaml │ │ ├── dropbox-short-lived-api-token.go │ │ ├── dropbox-short-lived-api-token.yaml │ │ ├── duffel-api-token.go │ │ ├── duffel-api-token.yaml │ │ ├── dynatrace-api-token.go │ │ ├── dynatrace-api-token.yaml │ │ ├── easypost-api-token.go │ │ ├── easypost-api-token.yaml │ │ ├── easypost-test-api-token.go │ │ ├── easypost-test-api-token.yaml │ │ ├── etsy-access-token.go │ │ ├── etsy-access-token.yaml │ │ ├── facebook-access-token.yaml │ │ ├── facebook-page-access-token.yaml │ │ ├── facebook-secret.yaml │ │ ├── facebook.go │ │ ├── facebook.yaml │ │ ├── fastly-api-token.go │ │ ├── fastly-api-token.yaml │ │ ├── finicity-api-token.go │ │ ├── finicity-api-token.yaml │ │ ├── finicity-client-secret.go │ │ ├── finicity-client-secret.yaml │ │ ├── finnhub-access-token.go │ │ ├── finnhub-access-token.yaml │ │ ├── flickr-access-token.go │ │ ├── flickr-access-token.yaml │ │ ├── flutterwave-encryption-key.go │ │ ├── flutterwave-encryption-key.yaml │ │ ├── flutterwave-public-key.go │ │ ├── flutterwave-public-key.yaml │ │ ├── flutterwave-secret-key.go │ │ ├── flutterwave-secret-key.yaml │ │ ├── frameio-api-token.go │ │ ├── frameio-api-token.yaml │ │ ├── freshbooks-access-token.go │ │ ├── freshbooks-access-token.yaml │ │ ├── gcp-api-key.go │ │ ├── gcp-api-key.yaml │ │ ├── generic-api-key.txt │ │ ├── generic-api-key.yaml │ │ ├── github-app-token.go │ │ ├── github-app-token.yaml │ │ ├── github-fine-grained-pat.go │ │ ├── github-fine-grained-pat.yaml │ │ ├── github-oauth.go │ │ ├── github-oauth.yaml │ │ ├── github-pat.go │ │ ├── github-pat.yaml │ │ ├── github-refresh-token.go │ │ ├── github-refresh-token.yaml │ │ ├── gitlab-pat.go │ │ ├── gitlab-pat.yaml │ │ ├── gitlab-ptt.go │ │ ├── gitlab-ptt.yaml │ │ ├── gitlab-rrt.go │ │ ├── gitlab-rrt.yaml │ │ ├── gitter-access-token.go │ │ ├── gitter-access-token.yaml │ │ ├── gocardless-api-token.go │ │ ├── gocardless-api-token.yaml │ │ ├── grafana-api-key.go │ │ ├── grafana-api-key.yaml │ │ ├── grafana-cloud-api-token.go │ │ ├── grafana-cloud-api-token.yaml │ │ ├── grafana-service-account-token.go │ │ ├── grafana-service-account-token.yaml │ │ ├── harness-api-key.yaml │ │ ├── hashicorp-tf-api-token.go │ │ ├── hashicorp-tf-api-token.yaml │ │ ├── hashicorp-tf-password.txt │ │ ├── hashicorp-tf-password.yaml │ │ ├── heroku-api-key.js │ │ ├── heroku-api-key.yaml │ │ ├── hubspot-api-key.js │ │ ├── hubspot-api-key.yaml │ │ ├── huggingface-access-token.txt │ │ ├── huggingface-access-token.yaml │ │ ├── huggingface-organization-api-token.txt │ │ ├── huggingface-organization-api-token.yaml │ │ ├── infracost-api-token.txt │ │ ├── infracost-api-token.yaml │ │ ├── intercom-api-key.go │ │ ├── intercom-api-key.yaml │ │ ├── intra42-client-secret.yaml │ │ ├── jfrog-api-key.txt │ │ ├── jfrog-api-key.yaml │ │ ├── jfrog-identity-token.txt │ │ ├── jfrog-identity-token.yaml │ │ ├── jwt-base64.txt │ │ ├── jwt-base64.yaml │ │ ├── jwt.go │ │ ├── jwt.yaml │ │ ├── kraken-access-token.go │ │ ├── kraken-access-token.yaml │ │ ├── kucoin-access-token.go │ │ ├── kucoin-access-token.yaml │ │ ├── kucoin-secret-key.go │ │ ├── kucoin-secret-key.yaml │ │ ├── launchdarkly-access-token.go │ │ ├── launchdarkly-access-token.yaml │ │ ├── linear-api-key.go │ │ ├── linear-api-key.yaml │ │ ├── linear-client-secret.go │ │ ├── linear-client-secret.yaml │ │ ├── linkedin-client-id.go │ │ ├── linkedin-client-id.yaml │ │ ├── linkedin-client-secret.go │ │ ├── linkedin-client-secret.yaml │ │ ├── lob-api-key.go │ │ ├── lob-api-key.yaml │ │ ├── lob-pub-api-key.go │ │ ├── lob-pub-api-key.yaml │ │ ├── mailchimp-api-key.go │ │ ├── mailchimp-api-key.yaml │ │ ├── mailgun-private-api-token.go │ │ ├── mailgun-private-api-token.yaml │ │ ├── mailgun-pub-key.go │ │ ├── mailgun-pub-key.yaml │ │ ├── mailgun-signing-key.go │ │ ├── mailgun-signing-key.yaml │ │ ├── mapbox-api-token.go │ │ ├── mapbox-api-token.yaml │ │ ├── mattermost-access-token.go │ │ ├── mattermost-access-token.yaml │ │ ├── messagebird-api-token.go │ │ ├── messagebird-api-token.yaml │ │ ├── messagebird-client-id.js │ │ ├── messagebird-client-id.yaml │ │ ├── microsoft-teams-webhook.go │ │ ├── microsoft-teams-webhook.yaml │ │ ├── netlify-access-token.go │ │ ├── netlify-access-token.yaml │ │ ├── new-relic-browser-api-token.go │ │ ├── new-relic-browser-api-token.yaml │ │ ├── new-relic-insert-key.yaml │ │ ├── new-relic-user-api-id.go │ │ ├── new-relic-user-api-id.yaml │ │ ├── new-relic-user-api-key.go │ │ ├── new-relic-user-api-key.yaml │ │ ├── npm-access-token.go │ │ ├── npm-access-token.yaml │ │ ├── nytimes-access-token.go │ │ ├── nytimes-access-token.yaml │ │ ├── okta-access-token.go │ │ ├── okta-access-token.yaml │ │ ├── openai-api-key.txt │ │ ├── openai-api-key.yaml │ │ ├── plaid-api-token.go │ │ ├── plaid-api-token.yaml │ │ ├── plaid-client-id.go │ │ ├── plaid-client-id.yaml │ │ ├── plaid-secret-key.go │ │ ├── plaid-secret-key.yaml │ │ ├── planetscale-api-token.go │ │ ├── planetscale-api-token.yaml │ │ ├── planetscale-oauth-token.go │ │ ├── planetscale-oauth-token.yaml │ │ ├── planetscale-password.go │ │ ├── planetscale-password.yaml │ │ ├── postman-api-token.go │ │ ├── postman-api-token.yaml │ │ ├── prefect-api-token.go │ │ ├── prefect-api-token.yaml │ │ ├── private-key.go │ │ ├── private-key.yaml │ │ ├── pulumi-api-token.go │ │ ├── pulumi-api-token.yaml │ │ ├── pypi-upload-token.go │ │ ├── pypi-upload-token.yaml │ │ ├── rapidapi-access-token.go │ │ ├── rapidapi-access-token.yaml │ │ ├── readme-api-token.go │ │ ├── readme-api-token.yaml │ │ ├── rubygems-api-token.go │ │ ├── rubygems-api-token.yaml │ │ ├── scalingo-api-token.go │ │ ├── scalingo-api-token.yaml │ │ ├── sendbird-access-id.go │ │ ├── sendbird-access-id.yaml │ │ ├── sendbird-access-token.go │ │ ├── sendbird-access-token.yaml │ │ ├── sendgrid-api-token.go │ │ ├── sendgrid-api-token.yaml │ │ ├── sendinblue-api-token.go │ │ ├── sendinblue-api-token.yaml │ │ ├── sentry-access-token.go │ │ ├── sentry-access-token.yaml │ │ ├── shippo-api-token.go │ │ ├── shippo-api-token.yaml │ │ ├── shopify-access-token.go │ │ ├── shopify-access-token.yaml │ │ ├── shopify-custom-access-token.go │ │ ├── shopify-custom-access-token.yaml │ │ ├── shopify-private-app-access-token.go │ │ ├── shopify-private-app-access-token.yaml │ │ ├── shopify-shared-secret.go │ │ ├── shopify-shared-secret.yaml │ │ ├── sidekiq-secret.go │ │ ├── sidekiq-secret.yaml │ │ ├── sidekiq-sensitive-url.go │ │ ├── sidekiq-sensitive-url.yaml │ │ ├── slack-access-token.go │ │ ├── slack-app-token.txt │ │ ├── slack-app-token.yaml │ │ ├── slack-bot-token.txt │ │ ├── slack-bot-token.yaml │ │ ├── slack-config-access-token.txt │ │ ├── slack-config-access-token.yaml │ │ ├── slack-config-refresh-token.txt │ │ ├── slack-config-refresh-token.yaml │ │ ├── slack-legacy-bot-token.txt │ │ ├── slack-legacy-bot-token.yaml │ │ ├── slack-legacy-token.txt │ │ ├── slack-legacy-token.yaml │ │ ├── slack-legacy-workspace-token.txt │ │ ├── slack-legacy-workspace-token.yaml │ │ ├── slack-user-token.txt │ │ ├── slack-user-token.yaml │ │ ├── slack-web-hook.go │ │ ├── slack-webhook-url.txt │ │ ├── slack-webhook-url.yaml │ │ ├── snyk-api-token.txt │ │ ├── snyk-api-token.yaml │ │ ├── square-access-token.go │ │ ├── square-access-token.yaml │ │ ├── squarespace-access-token.go │ │ ├── squarespace-access-token.yaml │ │ ├── stripe-access-token.go │ │ ├── stripe-access-token.yaml │ │ ├── sumologic-access-id.go │ │ ├── sumologic-access-id.yaml │ │ ├── sumologic-access-token.go │ │ ├── sumologic-access-token.yaml │ │ ├── telegram-bot-api-token.go │ │ ├── telegram-bot-api-token.yaml │ │ ├── travisci-access-token.go │ │ ├── travisci-access-token.yaml │ │ ├── twilio-api-key.go │ │ ├── twilio-api-key.yaml │ │ ├── twitch-api-token.go │ │ ├── twitch-api-token.yaml │ │ ├── twitter-access-secret.go │ │ ├── twitter-access-secret.yaml │ │ ├── twitter-access-token.go │ │ ├── twitter-access-token.yaml │ │ ├── twitter-api-key.go │ │ ├── twitter-api-key.yaml │ │ ├── twitter-api-secret.go │ │ ├── twitter-api-secret.yaml │ │ ├── twitter-bearer-token.go │ │ ├── twitter-bearer-token.yaml │ │ ├── typeform-api-token.go │ │ ├── typeform-api-token.yaml │ │ ├── vault-batch-token.go │ │ ├── vault-batch-token.yaml │ │ ├── vault-service-token.go │ │ ├── vault-service-token.yaml │ │ ├── yandex-access-token.go │ │ ├── yandex-access-token.yaml │ │ ├── yandex-api-key.go │ │ ├── yandex-api-key.yaml │ │ ├── yandex-aws-access-token.go │ │ ├── yandex-aws-access-token.yaml │ │ ├── zendesk-secret-key.go │ │ └── zendesk-secret-key.yaml │ └── security │ │ ├── detected-amazon-mws-auth-token.txt │ │ ├── detected-amazon-mws-auth-token.yaml │ │ ├── detected-artifactory-password.txt │ │ ├── detected-artifactory-password.yaml │ │ ├── detected-artifactory-token.txt │ │ ├── detected-artifactory-token.yaml │ │ ├── detected-aws-access-key-id-value.txt │ │ ├── detected-aws-access-key-id-value.yaml │ │ ├── detected-aws-account-id.txt │ │ ├── detected-aws-account-id.yaml │ │ ├── detected-aws-appsync-graphql-key.txt │ │ ├── detected-aws-appsync-graphql-key.yaml │ │ ├── detected-aws-secret-access-key.txt │ │ ├── detected-aws-secret-access-key.yaml │ │ ├── detected-aws-session-token.txt │ │ ├── detected-aws-session-token.yaml │ │ ├── detected-bcrypt-hash.txt │ │ ├── detected-bcrypt-hash.yaml │ │ ├── detected-codeclimate.txt │ │ ├── detected-codeclimate.yaml │ │ ├── detected-etc-shadow.txt │ │ ├── detected-etc-shadow.yaml │ │ ├── detected-facebook-access-token.txt │ │ ├── detected-facebook-access-token.yaml │ │ ├── detected-facebook-oauth.txt │ │ ├── detected-facebook-oauth.yaml │ │ ├── detected-generic-api-key.txt │ │ ├── detected-generic-api-key.yaml │ │ ├── detected-generic-secret.txt │ │ ├── detected-generic-secret.yaml │ │ ├── detected-github-token.txt │ │ ├── detected-github-token.yaml │ │ ├── detected-google-api-key.txt │ │ ├── detected-google-api-key.yaml │ │ ├── detected-google-cloud-api-key.txt │ │ ├── detected-google-cloud-api-key.yaml │ │ ├── detected-google-gcm-service-account.txt │ │ ├── detected-google-gcm-service-account.yaml │ │ ├── detected-google-oauth-access-token.txt │ │ ├── detected-google-oauth-access-token.yaml │ │ ├── detected-google-oauth.txt │ │ ├── detected-google-oauth.yaml │ │ ├── detected-heroku-api-key.txt │ │ ├── detected-heroku-api-key.yaml │ │ ├── detected-hockeyapp.txt │ │ ├── detected-hockeyapp.yaml │ │ ├── detected-jwt-token.txt │ │ ├── detected-jwt-token.yaml │ │ ├── detected-kolide-api-key.txt │ │ ├── detected-kolide-api-key.yaml │ │ ├── detected-mailchimp-api-key.txt │ │ ├── detected-mailchimp-api-key.yaml │ │ ├── detected-mailgun-api-key.txt │ │ ├── detected-mailgun-api-key.yaml │ │ ├── detected-npm-registry-auth-token.npmrc │ │ ├── detected-npm-registry-auth-token.yaml │ │ ├── detected-onfido-live-api-token.txt │ │ ├── detected-onfido-live-api-token.yaml │ │ ├── detected-outlook-team.txt │ │ ├── detected-outlook-team.yaml │ │ ├── detected-paypal-braintree-access-token.txt │ │ ├── detected-paypal-braintree-access-token.yaml │ │ ├── detected-pgp-private-key-block.txt │ │ ├── detected-pgp-private-key-block.yaml │ │ ├── detected-picatic-api-key.jsx │ │ ├── detected-picatic-api-key.yaml │ │ ├── detected-private-key.txt │ │ ├── detected-private-key.yaml │ │ ├── detected-sauce-token.txt │ │ ├── detected-sauce-token.yaml │ │ ├── detected-sendgrid-api-key.txt │ │ ├── detected-sendgrid-api-key.yaml │ │ ├── detected-slack-token.txt │ │ ├── detected-slack-token.yaml │ │ ├── detected-slack-webhook.txt │ │ ├── detected-slack-webhook.yaml │ │ ├── detected-snyk-api-key.txt │ │ ├── detected-snyk-api-key.yaml │ │ ├── detected-softlayer-api-key.txt │ │ ├── detected-softlayer-api-key.yaml │ │ ├── detected-sonarqube-docs-api-key.txt │ │ ├── detected-sonarqube-docs-api-key.yaml │ │ ├── detected-square-access-token.txt │ │ ├── detected-square-access-token.yaml │ │ ├── detected-square-oauth-secret.txt │ │ ├── detected-square-oauth-secret.yaml │ │ ├── detected-ssh-password.txt │ │ ├── detected-ssh-password.yaml │ │ ├── detected-stripe-api-key.txt │ │ ├── detected-stripe-api-key.yaml │ │ ├── detected-stripe-restricted-api-key.txt │ │ ├── detected-stripe-restricted-api-key.yaml │ │ ├── detected-telegram-bot-api-key.php │ │ ├── detected-telegram-bot-api-key.yaml │ │ ├── detected-twilio-api-key.txt │ │ ├── detected-twilio-api-key.yaml │ │ ├── detected-username-and-password-in-uri.txt │ │ ├── detected-username-and-password-in-uri.yaml │ │ ├── google-maps-apikeyleak.generic │ │ └── google-maps-apikeyleak.yaml ├── unicode │ └── security │ │ ├── bidi.py │ │ └── bidi.yml └── visualforce │ └── security │ └── ncino │ ├── html │ ├── UseSRIForCDNs.page │ └── UseSRIForCDNs.yaml │ ├── vf │ ├── XSSFromUnescapedURLParam.page │ └── XSSFromUnescapedURLParam.yaml │ └── xml │ ├── CSPHeaderAttribute.page │ ├── CSPHeaderAttribute.yaml │ ├── VisualForceAPIVersion.page-meta.xml │ └── VisualForceAPIVersion.yaml ├── go ├── aws-lambda │ └── security │ │ ├── database-sqli.go │ │ ├── database-sqli.yaml │ │ ├── tainted-sql-string.go │ │ └── tainted-sql-string.yaml ├── gorilla │ └── security │ │ └── audit │ │ ├── handler-assignment-from-multiple-sources.go │ │ ├── handler-assignment-from-multiple-sources.yaml │ │ ├── session-cookie-missing-httponly.go │ │ ├── session-cookie-missing-httponly.yaml │ │ ├── session-cookie-missing-secure.go │ │ ├── session-cookie-missing-secure.yaml │ │ ├── session-cookie-samesitenone.go │ │ ├── session-cookie-samesitenone.yaml │ │ ├── websocket-missing-origin-check.go │ │ └── websocket-missing-origin-check.yaml ├── gorm │ └── security │ │ └── audit │ │ ├── gorm-dangerous-methods-usage.go │ │ └── gorm-dangerous-methods-usage.yaml ├── grpc │ └── security │ │ ├── grpc-client-insecure-connection.go │ │ ├── grpc-client-insecure-connection.yaml │ │ ├── grpc-server-insecure-connection.go │ │ └── grpc-server-insecure-connection.yaml ├── jwt-go │ └── security │ │ ├── audit │ │ ├── jwt-parse-unverified.go │ │ └── jwt-parse-unverified.yaml │ │ ├── jwt-none-alg.go │ │ ├── jwt-none-alg.yaml │ │ ├── jwt.go │ │ └── jwt.yaml ├── lang │ ├── best-practice │ │ ├── channel-guarded-with-mutex.go │ │ ├── channel-guarded-with-mutex.yaml │ │ ├── hidden-goroutine.go │ │ └── hidden-goroutine.yaml │ ├── correctness │ │ ├── dos │ │ │ ├── zip_bomb.go │ │ │ └── zlib_bomb.go │ │ ├── looppointer.go │ │ ├── looppointer.yaml │ │ ├── overflow │ │ │ ├── overflow.go │ │ │ └── overflow.yaml │ │ ├── permissions │ │ │ ├── file_permission.fixed.go │ │ │ ├── file_permission.go │ │ │ └── file_permission.yaml │ │ ├── use-filepath-join.go │ │ ├── use-filepath-join.yaml │ │ ├── useless-eqeq.go │ │ └── useless-eqeq.yaml │ ├── maintainability │ │ ├── useless-ifelse.go │ │ └── useless-ifelse.yaml │ └── security │ │ ├── audit │ │ ├── crypto │ │ │ ├── bad_imports.go │ │ │ ├── bad_imports.yaml │ │ │ ├── insecure_ssh.go │ │ │ ├── insecure_ssh.yaml │ │ │ ├── math_random.fixed.go │ │ │ ├── math_random.go │ │ │ ├── math_random.yaml │ │ │ ├── missing-ssl-minversion.fixed.go │ │ │ ├── missing-ssl-minversion.go │ │ │ ├── missing-ssl-minversion.yaml │ │ │ ├── sha224-hash.go │ │ │ ├── sha224-hash.yaml │ │ │ ├── ssl.go │ │ │ ├── ssl.yaml │ │ │ ├── tls.go │ │ │ ├── tls.yaml │ │ │ ├── use_of_weak_crypto.go │ │ │ ├── use_of_weak_crypto.yaml │ │ │ ├── use_of_weak_rsa_key.fixed.go │ │ │ ├── use_of_weak_rsa_key.go │ │ │ └── use_of_weak_rsa_key.yaml │ │ ├── dangerous-command-write.go │ │ ├── dangerous-command-write.yaml │ │ ├── dangerous-exec-cmd.go │ │ ├── dangerous-exec-cmd.yaml │ │ ├── dangerous-exec-command.go │ │ ├── dangerous-exec-command.yaml │ │ ├── dangerous-syscall-exec.go │ │ ├── dangerous-syscall-exec.yaml │ │ ├── database │ │ │ ├── string-formatted-query.go │ │ │ └── string-formatted-query.yaml │ │ ├── md5-used-as-password.go │ │ ├── md5-used-as-password.yaml │ │ ├── net │ │ │ ├── bind_all.go │ │ │ ├── bind_all.yaml │ │ │ ├── bind_all_default.go │ │ │ ├── cookie-missing-httponly.go │ │ │ ├── cookie-missing-httponly.yaml │ │ │ ├── cookie-missing-secure.go │ │ │ ├── cookie-missing-secure.yaml │ │ │ ├── dynamic-httptrace-clienttrace-ok.go │ │ │ ├── dynamic-httptrace-clienttrace.go │ │ │ ├── dynamic-httptrace-clienttrace.yaml │ │ │ ├── formatted-template-string.go │ │ │ ├── formatted-template-string.yaml │ │ │ ├── fs-directory-listing.go │ │ │ ├── fs-directory-listing.yaml │ │ │ ├── pprof.go │ │ │ ├── pprof.yaml │ │ │ ├── pprof_good.go │ │ │ ├── pprof_good2.go │ │ │ ├── unescaped-data-in-htmlattr.go │ │ │ ├── unescaped-data-in-htmlattr.yaml │ │ │ ├── unescaped-data-in-js.go │ │ │ ├── unescaped-data-in-js.yaml │ │ │ ├── unescaped-data-in-url.go │ │ │ ├── unescaped-data-in-url.yaml │ │ │ ├── use-tls.fixed.go │ │ │ ├── use-tls.go │ │ │ ├── use-tls.yaml │ │ │ ├── wip-xss-using-responsewriter-and-printf.go │ │ │ └── wip-xss-using-responsewriter-and-printf.yaml │ │ ├── reflect-makefunc.go │ │ ├── reflect-makefunc.yaml │ │ ├── sqli │ │ │ ├── gosql-sqli.go │ │ │ ├── gosql-sqli.yaml │ │ │ ├── pg-orm-sqli.go │ │ │ ├── pg-orm-sqli.yaml │ │ │ ├── pg-sqli.go │ │ │ ├── pg-sqli.yaml │ │ │ ├── pgx-sqli.go │ │ │ └── pgx-sqli.yaml │ │ ├── unsafe-reflect-by-name.go │ │ ├── unsafe-reflect-by-name.yaml │ │ ├── unsafe.go │ │ ├── unsafe.yaml │ │ ├── xss │ │ │ ├── import-text-template.fixed.go │ │ │ ├── import-text-template.go │ │ │ ├── import-text-template.yaml │ │ │ ├── no-direct-write-to-responsewriter.go │ │ │ ├── no-direct-write-to-responsewriter.yaml │ │ │ ├── no-fprintf-to-responsewriter.go │ │ │ ├── no-fprintf-to-responsewriter.yaml │ │ │ ├── no-interpolation-in-tag.html │ │ │ ├── no-interpolation-in-tag.yaml │ │ │ ├── no-interpolation-js-template-string.html │ │ │ ├── no-interpolation-js-template-string.yaml │ │ │ ├── no-io-writestring-to-responsewriter.go │ │ │ ├── no-io-writestring-to-responsewriter.yaml │ │ │ ├── no-printf-in-responsewriter.go │ │ │ ├── no-printf-in-responsewriter.yaml │ │ │ ├── template-html-does-not-escape.go │ │ │ └── template-html-does-not-escape.yaml │ │ └── xxe │ │ │ ├── parsing-external-entities-enabled.go │ │ │ └── parsing-external-entities-enabled.yaml │ │ ├── bad_tmp.go │ │ ├── bad_tmp.yaml │ │ ├── decompression_bomb.go │ │ ├── decompression_bomb.yaml │ │ ├── filepath-clean-misuse.fixed.go │ │ ├── filepath-clean-misuse.go │ │ ├── filepath-clean-misuse.yaml │ │ ├── injection │ │ ├── open-redirect.go │ │ ├── open-redirect.yaml │ │ ├── raw-html-format.go │ │ ├── raw-html-format.yaml │ │ ├── tainted-sql-string.go │ │ ├── tainted-sql-string.yaml │ │ ├── tainted-url-host.go │ │ └── tainted-url-host.yaml │ │ ├── reverseproxy-director.go │ │ ├── reverseproxy-director.yaml │ │ ├── shared-url-struct-mutation.go │ │ ├── shared-url-struct-mutation.yaml │ │ ├── zip.go │ │ └── zip.yaml ├── otto │ └── security │ │ └── audit │ │ ├── dangerous-execution.go │ │ └── dangerous-execution.yaml └── template │ └── security │ ├── insecure-types.go │ ├── insecure-types.yaml │ ├── ssti.go │ └── ssti.yaml ├── html ├── best-practice │ ├── robots-denied.html │ └── robots-denied.yaml ├── correctness │ ├── https-equiv.html │ └── https-equiv.yaml └── security │ ├── audit │ ├── eval-detected.html │ ├── eval-detected.yaml │ ├── insecure-document-method.html │ ├── insecure-document-method.yaml │ ├── missing-integrity.html │ └── missing-integrity.yaml │ ├── plaintext-http-link.html │ └── plaintext-http-link.yaml ├── java ├── android │ ├── best-practice │ │ ├── manifest-security-features.xml │ │ ├── manifest-security-features.yaml │ │ ├── network-security-config.xml │ │ └── network-security-config.yml │ └── security │ │ ├── exported_activity.AndroidManifest.xml │ │ └── exported_activity.yaml ├── aws-lambda │ └── security │ │ ├── tainted-sql-string.java │ │ ├── tainted-sql-string.yaml │ │ ├── tainted-sqli.java │ │ └── tainted-sqli.yaml ├── java-jwt │ └── security │ │ ├── audit │ │ ├── jwt-decode-without-verify.java │ │ └── jwt-decode-without-verify.yaml │ │ ├── jwt-hardcode.java │ │ ├── jwt-hardcode.yaml │ │ ├── jwt-none-alg.java │ │ └── jwt-none-alg.yaml ├── jax-rs │ └── security │ │ ├── insecure-resteasy.java │ │ ├── insecure-resteasy.yaml │ │ ├── jax-rs-path-traversal.java │ │ └── jax-rs-path-traversal.yaml ├── jboss │ └── security │ │ ├── seam-log-injection.java │ │ ├── seam-log-injection.yaml │ │ ├── session_sqli.java │ │ └── session_sqli.yaml ├── jjwt │ └── security │ │ ├── jwt-none-alg.java │ │ └── jwt-none-alg.yaml ├── lang │ ├── correctness │ │ ├── assignment-comparison.java │ │ ├── assignment-comparison.yaml │ │ ├── eqeq.java │ │ ├── eqeq.yaml │ │ ├── hardcoded-conditional.java │ │ ├── hardcoded-conditional.yaml │ │ ├── no-string-eqeq.java │ │ └── no-string-eqeq.yaml │ └── security │ │ ├── audit │ │ ├── anonymous-ldap-bind.java │ │ ├── anonymous-ldap-bind.yaml │ │ ├── bad-hexa-conversion.java │ │ ├── bad-hexa-conversion.yaml │ │ ├── blowfish-insufficient-key-size.java │ │ ├── blowfish-insufficient-key-size.yaml │ │ ├── cbc-padding-oracle.fixed.java │ │ ├── cbc-padding-oracle.java │ │ ├── cbc-padding-oracle.yaml │ │ ├── command-injection-formatted-runtime-call.java │ │ ├── command-injection-formatted-runtime-call.yaml │ │ ├── command-injection-process-builder.java │ │ ├── command-injection-process-builder.yaml │ │ ├── cookie-missing-httponly.java │ │ ├── cookie-missing-httponly.yaml │ │ ├── cookie-missing-secure-flag.java │ │ ├── cookie-missing-secure-flag.yaml │ │ ├── crlf-injection-logs.java │ │ ├── crlf-injection-logs.yaml │ │ ├── crypto │ │ │ ├── des-is-deprecated.fixed.java │ │ │ ├── des-is-deprecated.java │ │ │ ├── des-is-deprecated.yaml │ │ │ ├── desede-is-deprecated.java │ │ │ ├── desede-is-deprecated.yaml │ │ │ ├── ecb-cipher.java │ │ │ ├── ecb-cipher.yaml │ │ │ ├── gcm-detection.java │ │ │ ├── gcm-detection.yaml │ │ │ ├── gcm-nonce-reuse.java │ │ │ ├── gcm-nonce-reuse.yaml │ │ │ ├── no-null-cipher.java │ │ │ ├── no-null-cipher.yaml │ │ │ ├── no-static-initialization-vector.java │ │ │ ├── no-static-initialization-vector.yaml │ │ │ ├── rsa-no-padding.java │ │ │ ├── rsa-no-padding.yaml │ │ │ ├── ssl │ │ │ │ ├── avoid-implementing-custom-digests.java │ │ │ │ ├── avoid-implementing-custom-digests.yaml │ │ │ │ ├── defaulthttpclient-is-deprecated.java │ │ │ │ ├── defaulthttpclient-is-deprecated.yaml │ │ │ │ ├── insecure-hostname-verifier.java │ │ │ │ ├── insecure-hostname-verifier.yaml │ │ │ │ ├── insecure-trust-manager.java │ │ │ │ └── insecure-trust-manager.yaml │ │ │ ├── unencrypted-socket.java │ │ │ ├── unencrypted-socket.yaml │ │ │ ├── use-of-aes-ecb.java │ │ │ ├── use-of-aes-ecb.yaml │ │ │ ├── use-of-blowfish.java │ │ │ ├── use-of-blowfish.yaml │ │ │ ├── use-of-default-aes.java │ │ │ ├── use-of-default-aes.yaml │ │ │ ├── use-of-md5-digest-utils.fixed.java │ │ │ ├── use-of-md5-digest-utils.java │ │ │ ├── use-of-md5-digest-utils.yaml │ │ │ ├── use-of-md5.fixed.java │ │ │ ├── use-of-md5.java │ │ │ ├── use-of-md5.yaml │ │ │ ├── use-of-rc2.java │ │ │ ├── use-of-rc2.yaml │ │ │ ├── use-of-rc4.java │ │ │ ├── use-of-rc4.yaml │ │ │ ├── use-of-sha1.java │ │ │ ├── use-of-sha1.yaml │ │ │ ├── use-of-sha224.java │ │ │ ├── use-of-sha224.yaml │ │ │ ├── weak-random.java │ │ │ ├── weak-random.yaml │ │ │ ├── weak-rsa.java │ │ │ └── weak-rsa.yaml │ │ ├── dangerous-groovy-shell.java │ │ ├── dangerous-groovy-shell.yaml │ │ ├── el-injection.java │ │ ├── el-injection.yaml │ │ ├── formatted-sql-string.java │ │ ├── formatted-sql-string.yaml │ │ ├── http-response-splitting.java │ │ ├── http-response-splitting.yaml │ │ ├── insecure-smtp-connection.java │ │ ├── insecure-smtp-connection.yaml │ │ ├── java-reverse-shell.java │ │ ├── java-reverse-shell.yaml │ │ ├── jdbc-sql-formatted-string.java │ │ ├── jdbc-sql-formatted-string.yaml │ │ ├── ldap-entry-poisoning.java │ │ ├── ldap-entry-poisoning.yaml │ │ ├── ldap-injection.java │ │ ├── ldap-injection.yaml │ │ ├── md5-used-as-password.java │ │ ├── md5-used-as-password.yaml │ │ ├── object-deserialization.java │ │ ├── object-deserialization.yaml │ │ ├── ognl-injection.java │ │ ├── ognl-injection.yaml │ │ ├── overly-permissive-file-permission.java │ │ ├── overly-permissive-file-permission.yaml │ │ ├── permissive-cors.java │ │ ├── permissive-cors.yaml │ │ ├── script-engine-injection.java │ │ ├── script-engine-injection.yaml │ │ ├── sqli │ │ │ ├── hibernate-sqli.java │ │ │ ├── hibernate-sqli.yaml │ │ │ ├── jdbc-sqli.java │ │ │ ├── jdbc-sqli.yaml │ │ │ ├── jdo-sqli.java │ │ │ ├── jdo-sqli.yaml │ │ │ ├── jpa-sqli.java │ │ │ ├── jpa-sqli.yaml │ │ │ ├── tainted-sql-from-http-request.java │ │ │ ├── tainted-sql-from-http-request.yaml │ │ │ ├── turbine-sqli.java │ │ │ ├── turbine-sqli.yaml │ │ │ ├── vertx-sqli.java │ │ │ └── vertx-sqli.yaml │ │ ├── tainted-cmd-from-http-request.java │ │ ├── tainted-cmd-from-http-request.yaml │ │ ├── tainted-env-from-http-request.java │ │ ├── tainted-env-from-http-request.yaml │ │ ├── tainted-ldapi-from-http-request.java │ │ ├── tainted-ldapi-from-http-request.yaml │ │ ├── tainted-session-from-http-request.java │ │ ├── tainted-session-from-http-request.yaml │ │ ├── tainted-xpath-from-http-request.java │ │ ├── tainted-xpath-from-http-request.yaml │ │ ├── unsafe-reflection.java │ │ ├── unsafe-reflection.yaml │ │ ├── unvalidated-redirect.java │ │ ├── unvalidated-redirect.yaml │ │ ├── url-rewriting.java │ │ ├── url-rewriting.yaml │ │ ├── weak-ssl-context.java │ │ ├── weak-ssl-context.yaml │ │ ├── xml-decoder.java │ │ ├── xml-decoder.yaml │ │ ├── xss │ │ │ ├── jsf │ │ │ │ ├── autoescape-disabled.xhtml │ │ │ │ └── autoescape-disabled.yaml │ │ │ ├── jsp │ │ │ │ ├── no-scriptlets.jsp │ │ │ │ ├── no-scriptlets.yaml │ │ │ │ ├── use-escapexml.jsp │ │ │ │ ├── use-escapexml.yaml │ │ │ │ ├── use-jstl-escaping.jsp │ │ │ │ └── use-jstl-escaping.yaml │ │ │ ├── no-direct-response-writer.java │ │ │ └── no-direct-response-writer.yaml │ │ ├── xssrequestwrapper-is-insecure.java │ │ ├── xssrequestwrapper-is-insecure.yaml │ │ └── xxe │ │ │ ├── documentbuilderfactory-disallow-doctype-decl-false.java │ │ │ ├── documentbuilderfactory-disallow-doctype-decl-false.yaml │ │ │ ├── documentbuilderfactory-disallow-doctype-decl-missing.fixed.java │ │ │ ├── documentbuilderfactory-disallow-doctype-decl-missing.java │ │ │ ├── documentbuilderfactory-disallow-doctype-decl-missing.yaml │ │ │ ├── documentbuilderfactory-external-general-entities-true.java │ │ │ ├── documentbuilderfactory-external-general-entities-true.yaml │ │ │ ├── documentbuilderfactory-external-parameter-entities-true.java │ │ │ ├── documentbuilderfactory-external-parameter-entities-true.yaml │ │ │ ├── saxparserfactory-disallow-doctype-decl-missing.java │ │ │ ├── saxparserfactory-disallow-doctype-decl-missing.yaml │ │ │ ├── transformerfactory-dtds-not-disabled.java │ │ │ └── transformerfactory-dtds-not-disabled.yaml │ │ ├── do-privileged-use.java │ │ ├── do-privileged-use.yaml │ │ ├── httpservlet-path-traversal.java │ │ ├── httpservlet-path-traversal.yaml │ │ ├── insecure-jms-deserialization.java │ │ ├── insecure-jms-deserialization.yaml │ │ ├── jackson-unsafe-deserialization.java │ │ ├── jackson-unsafe-deserialization.yaml │ │ ├── java-pattern-from-string-parameter.java │ │ ├── java-pattern-from-string-parameter.yaml │ │ ├── servletresponse-writer-xss.java │ │ ├── servletresponse-writer-xss.yaml │ │ ├── use-snakeyaml-constructor.java │ │ ├── use-snakeyaml-constructor.yaml │ │ ├── xmlinputfactory-external-entities-enabled.java │ │ ├── xmlinputfactory-external-entities-enabled.yaml │ │ ├── xmlinputfactory-possible-xxe.java │ │ └── xmlinputfactory-possible-xxe.yaml ├── mongodb │ └── security │ │ └── injection │ │ └── audit │ │ ├── mongodb-nosqli.java │ │ └── mongodb-nosqli.yaml ├── rmi │ └── security │ │ ├── server-dangerous-class-deserialization.java │ │ ├── server-dangerous-class-deserialization.yaml │ │ ├── server-dangerous-object-deserialization.java │ │ └── server-dangerous-object-deserialization.yaml ├── servlets │ └── security │ │ ├── cookie-issecure-false.java │ │ ├── cookie-issecure-false.yaml │ │ ├── cookie-setSecure.java │ │ ├── cookie-setSecure.yaml │ │ ├── security-constraint-http-method.xml │ │ └── security-constraint-http-method.yaml └── spring │ └── security │ ├── audit │ ├── spel-injection.java │ ├── spel-injection.yaml │ ├── spring-actuator-fully-enabled-yaml.test.yaml │ ├── spring-actuator-fully-enabled-yaml.yaml │ ├── spring-actuator-fully-enabled.properties │ ├── spring-actuator-fully-enabled.yaml │ ├── spring-actuator-non-health-enabled-yaml.test.yaml │ ├── spring-actuator-non-health-enabled-yaml.yaml │ ├── spring-actuator-non-health-enabled.properties │ ├── spring-actuator-non-health-enabled.yaml │ ├── spring-csrf-disabled.java │ ├── spring-csrf-disabled.yaml │ ├── spring-jsp-eval.jsp │ ├── spring-jsp-eval.yaml │ ├── spring-sqli.java │ ├── spring-sqli.yaml │ ├── spring-unvalidated-redirect.java │ └── spring-unvalidated-redirect.yaml │ ├── injection │ ├── tainted-file-path.java │ ├── tainted-file-path.yaml │ ├── tainted-html-string.java │ ├── tainted-html-string.yaml │ ├── tainted-sql-string.java │ ├── tainted-sql-string.yaml │ ├── tainted-system-command.java │ ├── tainted-system-command.yaml │ ├── tainted-url-host.java │ └── tainted-url-host.yaml │ ├── unrestricted-request-mapping.java │ └── unrestricted-request-mapping.yaml ├── javascript ├── ajv │ └── security │ │ └── audit │ │ ├── ajv-allerrors-true.js │ │ └── ajv-allerrors-true.yaml ├── angular │ └── security │ │ ├── detect-angular-element-methods.js │ │ ├── detect-angular-element-methods.yaml │ │ ├── detect-angular-element-taint.js │ │ ├── detect-angular-element-taint.yaml │ │ ├── detect-angular-open-redirect.js │ │ ├── detect-angular-open-redirect.yaml │ │ ├── detect-angular-resource-loading.js │ │ ├── detect-angular-resource-loading.yaml │ │ ├── detect-angular-sce-disabled.js │ │ ├── detect-angular-sce-disabled.yaml │ │ ├── detect-angular-trust-as-css.js │ │ ├── detect-angular-trust-as-css.yaml │ │ ├── detect-angular-trust-as-html-method.js │ │ ├── detect-angular-trust-as-html-method.yaml │ │ ├── detect-angular-trust-as-js-method.js │ │ ├── detect-angular-trust-as-js-method.yaml │ │ ├── detect-angular-trust-as-method.js │ │ ├── detect-angular-trust-as-method.yaml │ │ ├── detect-angular-trust-as-resourceurl-method.js │ │ ├── detect-angular-trust-as-resourceurl-method.yaml │ │ ├── detect-angular-trust-as-url-method.js │ │ ├── detect-angular-trust-as-url-method.yaml │ │ ├── detect-third-party-angular-translate.js │ │ └── detect-third-party-angular-translate.yaml ├── apollo │ └── security │ │ ├── apollo-axios-ssrf.jsx │ │ └── apollo-axios-ssrf.yaml ├── argon2 │ └── security │ │ ├── unsafe-argon2-config.js │ │ └── unsafe-argon2-config.yaml ├── audit │ ├── detect-replaceall-sanitization.ts │ └── detect-replaceall-sanitization.yaml ├── aws-lambda │ └── security │ │ ├── detect-child-process.js │ │ ├── detect-child-process.yaml │ │ ├── dynamodb-request-object.js │ │ ├── dynamodb-request-object.yaml │ │ ├── knex-sqli.js │ │ ├── knex-sqli.yaml │ │ ├── mysql-sqli.js │ │ ├── mysql-sqli.yaml │ │ ├── pg-sqli.js │ │ ├── pg-sqli.yaml │ │ ├── sequelize-sqli.js │ │ ├── sequelize-sqli.yaml │ │ ├── tainted-eval.js │ │ ├── tainted-eval.yaml │ │ ├── tainted-html-response.js │ │ ├── tainted-html-response.yaml │ │ ├── tainted-html-string.js │ │ ├── tainted-html-string.yaml │ │ ├── tainted-sql-string.js │ │ ├── tainted-sql-string.yaml │ │ ├── vm-runincontext-injection.js │ │ └── vm-runincontext-injection.yaml ├── bluebird │ └── security │ │ └── audit │ │ ├── tofastproperties-code-execution.js │ │ └── tofastproperties-code-execution.yaml ├── browser │ └── security │ │ ├── dom-based-xss.js │ │ ├── dom-based-xss.yaml │ │ ├── eval-detected.js │ │ ├── eval-detected.yaml │ │ ├── insecure-document-method.js │ │ ├── insecure-document-method.yaml │ │ ├── insecure-innerhtml.js │ │ ├── insecure-innerhtml.yaml │ │ ├── insufficient-postmessage-origin-validation.js │ │ ├── insufficient-postmessage-origin-validation.yaml │ │ ├── open-redirect-from-function.js │ │ ├── open-redirect-from-function.yaml │ │ ├── open-redirect.js │ │ ├── open-redirect.yaml │ │ ├── raw-html-concat.js │ │ ├── raw-html-concat.yaml │ │ ├── raw-html-join.js │ │ ├── raw-html-join.yaml │ │ ├── wildcard-postmessage-configuration.js │ │ └── wildcard-postmessage-configuration.yaml ├── chrome-remote-interface │ └── security │ │ └── audit │ │ ├── chrome-remote-interface-compilescript-injection.js │ │ └── chrome-remote-interface-compilescript-injection.yaml ├── deno │ └── security │ │ └── audit │ │ ├── deno-dangerous-run.js │ │ └── deno-dangerous-run.yaml ├── express │ └── security │ │ ├── audit │ │ ├── express-check-csurf-middleware-usage.js │ │ ├── express-check-csurf-middleware-usage.yaml │ │ ├── express-check-directory-listing.js │ │ ├── express-check-directory-listing.yaml │ │ ├── express-cookie-settings.js │ │ ├── express-cookie-settings.yaml │ │ ├── express-detect-notevil-usage.ts │ │ ├── express-detect-notevil-usage.yaml │ │ ├── express-jwt-not-revoked.js │ │ ├── express-jwt-not-revoked.yaml │ │ ├── express-libxml-noent.js │ │ ├── express-libxml-noent.yaml │ │ ├── express-libxml-vm-noent.js │ │ ├── express-libxml-vm-noent.yaml │ │ ├── express-open-redirect.js │ │ ├── express-open-redirect.yaml │ │ ├── express-path-join-resolve-traversal.js │ │ ├── express-path-join-resolve-traversal.yaml │ │ ├── express-res-sendfile.ts │ │ ├── express-res-sendfile.yaml │ │ ├── express-session-hardcoded-secret.ts │ │ ├── express-session-hardcoded-secret.yaml │ │ ├── express-ssrf.ts │ │ ├── express-ssrf.yaml │ │ ├── express-third-party-object-deserialization.ts │ │ ├── express-third-party-object-deserialization.yaml │ │ ├── express-xml2json-xxe-event.js │ │ ├── express-xml2json-xxe-event.yaml │ │ ├── possible-user-input-redirect.js │ │ ├── possible-user-input-redirect.yaml │ │ ├── remote-property-injection.js │ │ ├── remote-property-injection.yaml │ │ ├── res-render-injection.js │ │ ├── res-render-injection.yaml │ │ └── xss │ │ │ ├── direct-response-write.js │ │ │ ├── direct-response-write.yaml │ │ │ ├── ejs │ │ │ ├── explicit-unescape.ejs │ │ │ ├── explicit-unescape.yaml │ │ │ ├── var-in-href.ejs │ │ │ ├── var-in-href.yaml │ │ │ ├── var-in-script-src.ejs │ │ │ ├── var-in-script-src.yaml │ │ │ ├── var-in-script-tag.ejs │ │ │ └── var-in-script-tag.yaml │ │ │ ├── mustache │ │ │ ├── escape-function-overwrite.js │ │ │ ├── escape-function-overwrite.yaml │ │ │ ├── explicit-unescape.mustache │ │ │ ├── explicit-unescape.yaml │ │ │ ├── var-in-script-tag.mustache │ │ │ └── var-in-script-tag.yaml │ │ │ └── pug │ │ │ ├── and-attributes.pug │ │ │ ├── and-attributes.yaml │ │ │ ├── explicit-unescape.pug │ │ │ ├── explicit-unescape.yaml │ │ │ ├── var-in-href.pug │ │ │ ├── var-in-href.yaml │ │ │ ├── var-in-script-tag.pug │ │ │ └── var-in-script-tag.yaml │ │ ├── cors-misconfiguration.js │ │ ├── cors-misconfiguration.yaml │ │ ├── express-data-exfiltration.js │ │ ├── express-data-exfiltration.yaml │ │ ├── express-expat-xxe.js │ │ ├── express-expat-xxe.yaml │ │ ├── express-insecure-template-usage.jsx │ │ ├── express-insecure-template-usage.yaml │ │ ├── express-jwt-hardcoded-secret.js │ │ ├── express-jwt-hardcoded-secret.yaml │ │ ├── express-phantom-injection.js │ │ ├── express-phantom-injection.yaml │ │ ├── express-puppeteer-injection.js │ │ ├── express-puppeteer-injection.yaml │ │ ├── express-sandbox-injection.js │ │ ├── express-sandbox-injection.yaml │ │ ├── express-vm-injection.js │ │ ├── express-vm-injection.yaml │ │ ├── express-vm2-injection.js │ │ ├── express-vm2-injection.yaml │ │ ├── express-wkhtml-injection.js │ │ ├── express-wkhtml-injection.yaml │ │ ├── express-xml2json-xxe.js │ │ ├── express-xml2json-xxe.yaml │ │ ├── injection │ │ ├── raw-html-format.js │ │ ├── raw-html-format.yaml │ │ ├── tainted-sql-string.js │ │ └── tainted-sql-string.yaml │ │ ├── require-request.js │ │ ├── require-request.yaml │ │ ├── x-frame-options-misconfiguration.js │ │ └── x-frame-options-misconfiguration.yaml ├── fbjs │ └── security │ │ └── audit │ │ ├── insecure-createnodesfrommarkup.js │ │ └── insecure-createnodesfrommarkup.yaml ├── grpc │ └── security │ │ ├── grpc-nodejs-insecure-connection.js │ │ └── grpc-nodejs-insecure-connection.yaml ├── intercom │ └── security │ │ └── audit │ │ ├── intercom-settings-user-identifier-without-user-hash.js │ │ └── intercom-settings-user-identifier-without-user-hash.yaml ├── jose │ └── security │ │ ├── audit │ │ ├── jose-exposed-data.js │ │ └── jose-exposed-data.yaml │ │ ├── jwt-hardcode.js │ │ ├── jwt-hardcode.yaml │ │ ├── jwt-none-alg.js │ │ └── jwt-none-alg.yaml ├── jquery │ └── security │ │ └── audit │ │ ├── jquery-insecure-method.js │ │ ├── jquery-insecure-method.yaml │ │ ├── jquery-insecure-selector.js │ │ ├── jquery-insecure-selector.yaml │ │ ├── prohibit-jquery-html.js │ │ └── prohibit-jquery-html.yaml ├── jsonwebtoken │ └── security │ │ ├── audit │ │ ├── example1.js │ │ ├── jwt-decode-without-verify.js │ │ ├── jwt-decode-without-verify.jsx │ │ ├── jwt-decode-without-verify.yaml │ │ ├── jwt-exposed-data.js │ │ └── jwt-exposed-data.yaml │ │ ├── example1.js │ │ ├── example2.js │ │ ├── example3.js │ │ ├── example4.js │ │ ├── jwt-hardcode.js │ │ ├── jwt-hardcode.yaml │ │ ├── jwt-none-alg.js │ │ ├── jwt-none-alg.yaml │ │ └── simple-examples.js ├── jwt-simple │ └── security │ │ ├── jwt-simple-noverify.js │ │ └── jwt-simple-noverify.yaml ├── lang │ ├── best-practice │ │ ├── assigned-undefined.js │ │ ├── assigned-undefined.yaml │ │ ├── lazy-load-module.js │ │ ├── lazy-load-module.yaml │ │ ├── leftover_debugging.js │ │ ├── leftover_debugging.yaml │ │ ├── zlib-async-loop.js │ │ └── zlib-async-loop.yaml │ ├── correctness │ │ ├── missing-template-string-indicator.js │ │ ├── missing-template-string-indicator.yaml │ │ ├── no-replaceall.js │ │ ├── no-replaceall.yaml │ │ ├── no-stringify-keys.jsx │ │ ├── no-stringify-keys.yaml │ │ ├── useless-assign.js │ │ ├── useless-assign.yaml │ │ ├── useless-eqeq.js │ │ └── useless-eqeq.yaml │ └── security │ │ ├── audit │ │ ├── code-string-concat.js │ │ ├── code-string-concat.yaml │ │ ├── dangerous-spawn-shell.js │ │ ├── dangerous-spawn-shell.yaml │ │ ├── detect-non-literal-fs-filename.js │ │ ├── detect-non-literal-fs-filename.ts │ │ ├── detect-non-literal-fs-filename.yaml │ │ ├── detect-non-literal-regexp.js │ │ ├── detect-non-literal-regexp.yaml │ │ ├── detect-non-literal-require.js │ │ ├── detect-non-literal-require.yaml │ │ ├── detect-redos.js │ │ ├── detect-redos.yaml │ │ ├── hardcoded-hmac-key.js │ │ ├── hardcoded-hmac-key.yaml │ │ ├── incomplete-sanitization.js │ │ ├── incomplete-sanitization.yaml │ │ ├── md5-used-as-password.js │ │ ├── md5-used-as-password.yaml │ │ ├── path-traversal │ │ │ ├── path-join-resolve-traversal.js │ │ │ ├── path-join-resolve-traversal.ts │ │ │ ├── path-join-resolve-traversal.yaml │ │ │ ├── real-example1.js │ │ │ └── real-example2.js │ │ ├── prototype-pollution │ │ │ ├── prototype-pollution-assignment.js │ │ │ ├── prototype-pollution-assignment.yaml │ │ │ ├── prototype-pollution-loop.js │ │ │ └── prototype-pollution-loop.yaml │ │ ├── spawn-shell-true.js │ │ ├── spawn-shell-true.yaml │ │ ├── sqli │ │ │ ├── node-knex-sqli.js │ │ │ ├── node-knex-sqli.yaml │ │ │ ├── node-mssql-sqli.js │ │ │ ├── node-mssql-sqli.yaml │ │ │ ├── node-mysql-sqli.js │ │ │ ├── node-mysql-sqli.yaml │ │ │ ├── node-postgres-sqli.js │ │ │ └── node-postgres-sqli.yaml │ │ ├── unknown-value-with-script-tag.js │ │ ├── unknown-value-with-script-tag.yaml │ │ ├── unsafe-dynamic-method.js │ │ ├── unsafe-dynamic-method.yaml │ │ ├── unsafe-formatstring.js │ │ └── unsafe-formatstring.yaml │ │ ├── detect-buffer-noassert.js │ │ ├── detect-buffer-noassert.yaml │ │ ├── detect-child-process.js │ │ ├── detect-child-process.ts │ │ ├── detect-child-process.yaml │ │ ├── detect-disable-mustache-escape.js │ │ ├── detect-disable-mustache-escape.yaml │ │ ├── detect-eval-with-expression.js │ │ ├── detect-eval-with-expression.yaml │ │ ├── detect-insecure-websocket.js │ │ ├── detect-insecure-websocket.yaml │ │ ├── detect-no-csrf-before-method-override.js │ │ ├── detect-no-csrf-before-method-override.yaml │ │ ├── detect-pseudoRandomBytes.js │ │ ├── detect-pseudoRandomBytes.yaml │ │ ├── html-in-template-string.js │ │ ├── html-in-template-string.yaml │ │ ├── insecure-object-assign.js │ │ ├── insecure-object-assign.yaml │ │ ├── spawn-git-clone.js │ │ └── spawn-git-clone.yaml ├── monaco-editor │ └── security │ │ └── audit │ │ ├── monaco-hover-htmlsupport.js │ │ └── monaco-hover-htmlsupport.yaml ├── node-crypto │ └── security │ │ ├── aead-no-final.js │ │ ├── aead-no-final.yaml │ │ ├── create-de-cipher-no-iv.js │ │ ├── create-de-cipher-no-iv.yaml │ │ ├── gcm-no-tag-length.js │ │ └── gcm-no-tag-length.yaml ├── node-expat │ └── security │ │ └── audit │ │ ├── expat-xxe.js │ │ └── expat-xxe.yaml ├── passport-jwt │ └── security │ │ ├── passport-hardcode.js │ │ └── passport-hardcode.yaml ├── phantom │ └── security │ │ └── audit │ │ ├── phantom-injection.js │ │ └── phantom-injection.yaml ├── playwright │ └── security │ │ └── audit │ │ ├── playwright-addinitscript-code-injection.js │ │ ├── playwright-addinitscript-code-injection.yaml │ │ ├── playwright-evaluate-arg-injection.js │ │ ├── playwright-evaluate-arg-injection.yaml │ │ ├── playwright-evaluate-code-injection.js │ │ ├── playwright-evaluate-code-injection.yaml │ │ ├── playwright-exposed-chrome-devtools.js │ │ ├── playwright-exposed-chrome-devtools.yaml │ │ ├── playwright-goto-injection.js │ │ ├── playwright-goto-injection.yaml │ │ ├── playwright-setcontent-injection.js │ │ └── playwright-setcontent-injection.yaml ├── puppeteer │ └── security │ │ └── audit │ │ ├── puppeteer-evaluate-arg-injection.js │ │ ├── puppeteer-evaluate-arg-injection.yaml │ │ ├── puppeteer-evaluate-code-injection.js │ │ ├── puppeteer-evaluate-code-injection.yaml │ │ ├── puppeteer-exposed-chrome-devtools.js │ │ ├── puppeteer-exposed-chrome-devtools.yaml │ │ ├── puppeteer-goto-injection.js │ │ ├── puppeteer-goto-injection.yaml │ │ ├── puppeteer-setcontent-injection.js │ │ └── puppeteer-setcontent-injection.yaml ├── react │ └── correctness │ │ └── hooks │ │ ├── set-state-no-op.jsx │ │ └── set-state-no-op.yaml ├── sandbox │ └── security │ │ └── audit │ │ ├── sandbox-code-injection.js │ │ └── sandbox-code-injection.yaml ├── sax │ └── security │ │ └── audit │ │ ├── sax-xxe.js │ │ └── sax-xxe.yaml ├── sequelize │ └── security │ │ └── audit │ │ ├── sequelize-enforce-tls.js │ │ ├── sequelize-enforce-tls.yaml │ │ ├── sequelize-injection-express.ts │ │ ├── sequelize-injection-express.yaml │ │ ├── sequelize-raw-query.js │ │ ├── sequelize-raw-query.yaml │ │ ├── sequelize-tls-disabled-cert-validation.js │ │ ├── sequelize-tls-disabled-cert-validation.yaml │ │ ├── sequelize-weak-tls-version.js │ │ └── sequelize-weak-tls-version.yaml ├── serialize-javascript │ └── security │ │ └── audit │ │ ├── unsafe-serialize-javascript.js │ │ └── unsafe-serialize-javascript.yaml ├── shelljs │ └── security │ │ ├── shelljs-exec-injection.js │ │ └── shelljs-exec-injection.yaml ├── thenify │ └── security │ │ └── audit │ │ ├── multiargs-code-execution.js │ │ └── multiargs-code-execution.yaml ├── vm2 │ └── security │ │ └── audit │ │ ├── vm2-code-injection.js │ │ ├── vm2-code-injection.yaml │ │ ├── vm2-context-injection.js │ │ └── vm2-context-injection.yaml ├── vue │ └── security │ │ └── audit │ │ └── xss │ │ └── templates │ │ ├── avoid-v-html.vue │ │ └── avoid-v-html.yaml ├── wkhtmltoimage │ └── security │ │ └── audit │ │ ├── wkhtmltoimage-injection.js │ │ └── wkhtmltoimage-injection.yaml ├── wkhtmltopdf │ └── security │ │ └── audit │ │ ├── wkhtmltopdf-injection.js │ │ └── wkhtmltopdf-injection.yaml └── xml2json │ └── security │ └── audit │ ├── xml2json-xxe.js │ └── xml2json-xxe.yaml ├── json ├── aws │ └── security │ │ ├── public-s3-bucket.json │ │ ├── public-s3-bucket.yaml │ │ ├── public-s3-policy-statement.json │ │ ├── public-s3-policy-statement.yaml │ │ ├── wildcard-assume-role.json │ │ └── wildcard-assume-role.yaml └── npm │ └── security │ ├── package-dependencies-check.package.json │ └── package-dependencies-check.yml ├── kotlin ├── gradle │ └── security │ │ ├── build-gradle-password-hardcoded.build.gradle.kts │ │ └── build-gradle-password-hardcoded.yaml └── lang │ └── security │ ├── anonymous-ldap-bind.kt │ ├── anonymous-ldap-bind.yaml │ ├── bad-hexa-conversion.kt │ ├── bad-hexa-conversion.yaml │ ├── command-injection-formatted-runtime-call.kt │ ├── command-injection-formatted-runtime-call.yaml │ ├── cookie-missing-httponly.kt │ ├── cookie-missing-httponly.yaml │ ├── cookie-missing-secure-flag.kt │ ├── cookie-missing-secure-flag.yaml │ ├── defaulthttpclient-is-deprecated.kt │ ├── defaulthttpclient-is-deprecated.yaml │ ├── ecb-cipher.kt │ ├── ecb-cipher.yaml │ ├── gcm-detection.kt │ ├── gcm-detection.yaml │ ├── no-null-cipher.kt │ ├── no-null-cipher.yaml │ ├── unencrypted-socket.kt │ ├── unencrypted-socket.yaml │ ├── use-of-md5.kt │ ├── use-of-md5.yaml │ ├── use-of-sha1.kt │ ├── use-of-sha1.yaml │ ├── weak-rsa.kt │ └── weak-rsa.yaml ├── libsonnet └── metadata │ └── cwe.libsonnet ├── metadata-schema.yaml.schm ├── ocaml └── lang │ ├── best-practice │ ├── bool.ml │ ├── bool.yaml │ ├── exception.ml │ ├── exception.yaml │ ├── hashtbl.ml │ ├── hashtbl.yaml │ ├── ifs.ml │ ├── ifs.yaml │ ├── list.ml │ ├── list.yaml │ ├── ref.ml │ ├── ref.yaml │ ├── string.ml │ └── string.yaml │ ├── compatibility │ ├── deprecated.ml │ └── deprecated.yaml │ ├── correctness │ ├── physical-vs-structural.ml │ ├── physical-vs-structural.yaml │ ├── useless-compare.ml │ ├── useless-compare.yaml │ ├── useless-eq.ml │ ├── useless-eq.yaml │ ├── useless-if.ml │ ├── useless-if.yaml │ ├── useless-let.ml │ └── useless-let.yaml │ ├── performance │ ├── list.ml │ └── list.yaml │ ├── portability │ ├── crlf-support.ml │ ├── crlf-support.yaml │ ├── slash-tmp.ml │ └── slash-tmp.yaml │ └── security │ ├── digest.ml │ ├── digest.yaml │ ├── exec.ml │ ├── exec.yaml │ ├── filenameconcat.ml │ ├── filenameconcat.yaml │ ├── hashtable-dos.ml │ ├── hashtable-dos.yaml │ ├── marshal.ml │ ├── marshal.yaml │ ├── tempfile.ml │ ├── tempfile.yaml │ ├── unsafe.ml │ └── unsafe.yaml ├── php ├── doctrine │ └── security │ │ └── audit │ │ ├── doctrine-dbal-dangerous-query.php │ │ ├── doctrine-dbal-dangerous-query.yaml │ │ ├── doctrine-orm-dangerous-query.php │ │ └── doctrine-orm-dangerous-query.yaml ├── lang │ ├── correctness │ │ ├── empty-with-boolean-expression.php │ │ └── empty-with-boolean-expression.yaml │ └── security │ │ ├── assert-use.php │ │ ├── assert-use.yaml │ │ ├── audit │ │ ├── assert-use-audit.php │ │ ├── assert-use-audit.yaml │ │ ├── openssl-decrypt-validate.php │ │ ├── openssl-decrypt-validate.yaml │ │ ├── sha224-hash.php │ │ └── sha224-hash.yaml │ │ ├── backticks-use.php │ │ ├── backticks-use.yaml │ │ ├── base-convert-loses-precision.php │ │ ├── base-convert-loses-precision.yaml │ │ ├── curl-ssl-verifypeer-off.php │ │ ├── curl-ssl-verifypeer-off.yaml │ │ ├── deserialization.php │ │ ├── deserialization.yaml │ │ ├── eval-use.php │ │ ├── eval-use.yaml │ │ ├── exec-use.php │ │ ├── exec-use.yaml │ │ ├── file-inclusion.php │ │ ├── file-inclusion.yaml │ │ ├── ftp-use.php │ │ ├── ftp-use.yaml │ │ ├── injection │ │ ├── echoed-request.php │ │ ├── echoed-request.yaml │ │ ├── printed-request.php │ │ ├── printed-request.yaml │ │ ├── tainted-callable.php │ │ ├── tainted-callable.yaml │ │ ├── tainted-exec.php │ │ ├── tainted-exec.yaml │ │ ├── tainted-filename.php │ │ ├── tainted-filename.yaml │ │ ├── tainted-object-instantiation.php │ │ ├── tainted-object-instantiation.yaml │ │ ├── tainted-session.php │ │ ├── tainted-session.yaml │ │ ├── tainted-sql-string.php │ │ ├── tainted-sql-string.yaml │ │ ├── tainted-url-host.php │ │ └── tainted-url-host.yaml │ │ ├── ldap-bind-without-password.php │ │ ├── ldap-bind-without-password.yaml │ │ ├── mb-ereg-replace-eval.php │ │ ├── mb-ereg-replace-eval.yaml │ │ ├── mcrypt-use.php │ │ ├── mcrypt-use.yaml │ │ ├── md5-loose-equality.php │ │ ├── md5-loose-equality.yaml │ │ ├── md5-used-as-password.php │ │ ├── md5-used-as-password.yaml │ │ ├── openssl-cbc-static-iv.php │ │ ├── openssl-cbc-static-iv.yaml │ │ ├── php-permissive-cors.php │ │ ├── php-permissive-cors.yaml │ │ ├── php-ssrf.php │ │ ├── php-ssrf.yaml │ │ ├── phpinfo-use.php │ │ ├── phpinfo-use.yaml │ │ ├── redirect-to-request-uri.php │ │ ├── redirect-to-request-uri.yaml │ │ ├── tainted-exec.php │ │ ├── tainted-exec.yaml │ │ ├── unlink-use.php │ │ ├── unlink-use.yaml │ │ ├── unserialize-use.php │ │ ├── unserialize-use.yaml │ │ ├── weak-crypto.php │ │ └── weak-crypto.yaml ├── laravel │ └── security │ │ ├── laravel-active-debug-code.php │ │ ├── laravel-active-debug-code.yaml │ │ ├── laravel-api-route-sql-injection.php │ │ ├── laravel-api-route-sql-injection.yaml │ │ ├── laravel-blade-form-missing-csrf.blade.php │ │ ├── laravel-blade-form-missing-csrf.yaml │ │ ├── laravel-cookie-http-only.session.php │ │ ├── laravel-cookie-http-only.yaml │ │ ├── laravel-cookie-long-timeout.session.php │ │ ├── laravel-cookie-long-timeout.yaml │ │ ├── laravel-cookie-null-domain.session.php │ │ ├── laravel-cookie-null-domain.yaml │ │ ├── laravel-cookie-same-site.session.php │ │ ├── laravel-cookie-same-site.yaml │ │ ├── laravel-cookie-secure-set.session.php │ │ ├── laravel-cookie-secure-set.yaml │ │ ├── laravel-dangerous-model-construction.php │ │ ├── laravel-dangerous-model-construction.yaml │ │ ├── laravel-sql-injection.php │ │ ├── laravel-sql-injection.yaml │ │ ├── laravel-unsafe-validator.php │ │ └── laravel-unsafe-validator.yaml ├── symfony │ └── security │ │ └── audit │ │ ├── symfony-csrf-protection-disabled.php │ │ ├── symfony-csrf-protection-disabled.yaml │ │ ├── symfony-non-literal-redirect.php │ │ ├── symfony-non-literal-redirect.yaml │ │ ├── symfony-permissive-cors.php │ │ └── symfony-permissive-cors.yaml └── wordpress-plugins │ └── security │ └── audit │ ├── wp-ajax-no-auth-and-auth-hooks-audit.php │ ├── wp-ajax-no-auth-and-auth-hooks-audit.yaml │ ├── wp-authorisation-checks-audit.php │ ├── wp-authorisation-checks-audit.yaml │ ├── wp-code-execution-audit.php │ ├── wp-code-execution-audit.yaml │ ├── wp-command-execution-audit.php │ ├── wp-command-execution-audit.yaml │ ├── wp-csrf-audit.php │ ├── wp-csrf-audit.yaml │ ├── wp-file-download-audit.php │ ├── wp-file-download-audit.yaml │ ├── wp-file-inclusion-audit.php │ ├── wp-file-inclusion-audit.yaml │ ├── wp-file-manipulation-audit.php │ ├── wp-file-manipulation-audit.yaml │ ├── wp-open-redirect-audit.php │ ├── wp-open-redirect-audit.yaml │ ├── wp-php-object-injection-audit.php │ ├── wp-php-object-injection-audit.yaml │ ├── wp-sql-injection-audit.php │ ├── wp-sql-injection-audit.yaml │ ├── wp-ssrf-audit.php │ └── wp-ssrf-audit.yaml ├── problem-based-packs └── insecure-transport │ ├── go-stdlib │ ├── bypass-tls-verification.go │ ├── bypass-tls-verification.yaml │ ├── disallow-old-tls-versions.go │ ├── disallow-old-tls-versions.yaml │ ├── ftp-request.go │ ├── ftp-request.yaml │ ├── gorequest-http-request.go │ ├── gorequest-http-request.yaml │ ├── grequests-http-request.go │ ├── grequests-http-request.yaml │ ├── http-customized-request.go │ ├── http-customized-request.yaml │ ├── http-request.go │ ├── http-request.yaml │ ├── sling-http-request.go │ ├── sling-http-request.yaml │ ├── telnet-request.go │ └── telnet-request.yaml │ ├── java-spring │ ├── bypass-tls-verification.java │ ├── bypass-tls-verification.yaml │ ├── spring-ftp-request.java │ ├── spring-ftp-request.yaml │ ├── spring-http-request.java │ └── spring-http-request.yaml │ ├── java-stdlib │ ├── bypass-tls-verification.java │ ├── bypass-tls-verification.yaml │ ├── disallow-old-tls-versions1.java │ ├── disallow-old-tls-versions1.yaml │ ├── disallow-old-tls-versions2.java │ ├── disallow-old-tls-versions2.yaml │ ├── ftp-request.java │ ├── ftp-request.yaml │ ├── http-components-request.java │ ├── http-components-request.yaml │ ├── httpclient-http-request.java │ ├── httpclient-http-request.yaml │ ├── httpget-http-request.java │ ├── httpget-http-request.yaml │ ├── httpurlconnection-http-request.java │ ├── httpurlconnection-http-request.yaml │ ├── socket-request.java │ ├── socket-request.yaml │ ├── telnet-request.java │ ├── telnet-request.yaml │ ├── tls-renegotiation.java │ ├── tls-renegotiation.yaml │ ├── unirest-http-request.java │ └── unirest-http-request.yaml │ ├── js-node │ ├── bypass-tls-verification.js │ ├── bypass-tls-verification.yaml │ ├── disallow-old-tls-versions1.js │ ├── disallow-old-tls-versions1.yaml │ ├── disallow-old-tls-versions2.js │ ├── disallow-old-tls-versions2.yaml │ ├── ftp-request.js │ ├── ftp-request.yaml │ ├── http-request.js │ ├── http-request.yaml │ ├── rest-http-client-support.js │ ├── rest-http-client-support.yaml │ ├── telnet-request.js │ ├── telnet-request.yaml │ ├── using-http-server.js │ └── using-http-server.yaml │ └── ruby-stdlib │ ├── http-client-requests.rb │ ├── http-client-requests.yaml │ ├── net-ftp-request.rb │ ├── net-ftp-request.yaml │ ├── net-http-request.rb │ ├── net-http-request.yaml │ ├── net-telnet-request.rb │ ├── net-telnet-request.yaml │ ├── openuri-request.rb │ └── openuri-request.yaml ├── python ├── airflow │ └── security │ │ └── audit │ │ ├── formatted-string-bashoperator.py │ │ └── formatted-string-bashoperator.yaml ├── attr │ └── correctness │ │ ├── mutable-initializer.py │ │ └── mutable-initializer.yaml ├── aws-lambda │ └── security │ │ ├── dangerous-asyncio-create-exec.py │ │ ├── dangerous-asyncio-create-exec.yaml │ │ ├── dangerous-asyncio-exec.py │ │ ├── dangerous-asyncio-exec.yaml │ │ ├── dangerous-asyncio-shell.py │ │ ├── dangerous-asyncio-shell.yaml │ │ ├── dangerous-spawn-process.py │ │ ├── dangerous-spawn-process.yaml │ │ ├── dangerous-subprocess-use.py │ │ ├── dangerous-subprocess-use.yaml │ │ ├── dangerous-system-call.py │ │ ├── dangerous-system-call.yaml │ │ ├── dynamodb-filter-injection.py │ │ ├── dynamodb-filter-injection.yaml │ │ ├── mysql-sqli.py │ │ ├── mysql-sqli.yaml │ │ ├── psycopg-sqli.py │ │ ├── psycopg-sqli.yaml │ │ ├── pymssql-sqli.py │ │ ├── pymssql-sqli.yaml │ │ ├── pymysql-sqli.py │ │ ├── pymysql-sqli.yaml │ │ ├── sqlalchemy-sqli.py │ │ ├── sqlalchemy-sqli.yaml │ │ ├── tainted-code-exec.py │ │ ├── tainted-code-exec.yaml │ │ ├── tainted-html-response.py │ │ ├── tainted-html-response.yaml │ │ ├── tainted-html-string.py │ │ ├── tainted-html-string.yaml │ │ ├── tainted-pickle-deserialization.py │ │ ├── tainted-pickle-deserialization.yaml │ │ ├── tainted-sql-string.py │ │ └── tainted-sql-string.yaml ├── bokeh │ └── maintainability │ │ └── deprecated │ │ ├── deprecated_apis.py │ │ └── deprecated_apis.yaml ├── boto3 │ └── security │ │ ├── hardcoded-token.py │ │ └── hardcoded-token.yaml ├── click │ └── best-practice │ │ ├── echo-style.py │ │ └── echo-style.yaml ├── correctness │ ├── check-is-none-explicitly.py │ ├── check-is-none-explicitly.yaml │ ├── socket-shutdown-close.py │ ├── socket-shutdown-close.yaml │ ├── suppressed-exception-handling-finally-break.py │ └── suppressed-exception-handling-finally-break.yaml ├── cryptography │ └── security │ │ ├── empty-aes-key.py │ │ ├── empty-aes-key.yaml │ │ ├── insecure-cipher-algorithms-arc4.fixed.py │ │ ├── insecure-cipher-algorithms-arc4.py │ │ ├── insecure-cipher-algorithms-arc4.yaml │ │ ├── insecure-cipher-algorithms-blowfish.fixed.py │ │ ├── insecure-cipher-algorithms-blowfish.py │ │ ├── insecure-cipher-algorithms-blowfish.yaml │ │ ├── insecure-cipher-algorithms.fixed.py │ │ ├── insecure-cipher-algorithms.py │ │ ├── insecure-cipher-algorithms.yaml │ │ ├── insecure-cipher-mode-ecb.fixed.py │ │ ├── insecure-cipher-mode-ecb.py │ │ ├── insecure-cipher-mode-ecb.yaml │ │ ├── insecure-hash-algorithms-md5.fixed.py │ │ ├── insecure-hash-algorithms-md5.py │ │ ├── insecure-hash-algorithms-md5.yaml │ │ ├── insecure-hash-algorithms.fixed.py │ │ ├── insecure-hash-algorithms.py │ │ ├── insecure-hash-algorithms.yaml │ │ ├── insufficient-dsa-key-size.fixed.py │ │ ├── insufficient-dsa-key-size.py │ │ ├── insufficient-dsa-key-size.yaml │ │ ├── insufficient-ec-key-size.fixed.py │ │ ├── insufficient-ec-key-size.py │ │ ├── insufficient-ec-key-size.yaml │ │ ├── insufficient-rsa-key-size.fixed.py │ │ ├── insufficient-rsa-key-size.py │ │ ├── insufficient-rsa-key-size.yaml │ │ ├── mode-without-authentication.py │ │ └── mode-without-authentication.yaml ├── distributed │ ├── security.fixed.py │ ├── security.py │ └── security.yaml ├── django │ ├── best-practice │ │ ├── json_response.py │ │ ├── json_response.yaml │ │ ├── upsell_django_environ.py │ │ ├── upsell_django_environ.yaml │ │ ├── use-onetoonefield.py │ │ └── use-onetoonefield.yaml │ ├── compatibility │ │ ├── django-2_0-compat.py │ │ └── django-2_0-compat.yaml │ ├── correctness │ │ ├── model-save.py │ │ ├── model-save.yaml │ │ ├── nontext-field-must-set-null-true.py │ │ ├── nontext-field-must-set-null-true.yaml │ │ ├── string-field-null-checks-import.py │ │ ├── string-field-null-checks.py │ │ ├── string-field-null-checks.yaml │ │ ├── use-decimalfield-for-money.py │ │ └── use-decimalfield-for-money.yaml │ ├── maintainability │ │ ├── duplicate-path-assignment.py │ │ └── duplicate-path-assignment.yaml │ ├── performance │ │ ├── access-foreign-keys.py │ │ ├── access-foreign-keys.yaml │ │ ├── upsell-count.py │ │ ├── upsell-count.yaml │ │ ├── upsell_earliest_latest.py │ │ └── upsell_earliest_latest.yaml │ ├── security │ │ ├── audit │ │ │ ├── avoid-insecure-deserialization.py │ │ │ ├── avoid-insecure-deserialization.yaml │ │ │ ├── avoid-mark-safe.py │ │ │ ├── avoid-mark-safe.yaml │ │ │ ├── csrf-exempt.py │ │ │ ├── csrf-exempt.yaml │ │ │ ├── custom-expression-as-sql.py │ │ │ ├── custom-expression-as-sql.yaml │ │ │ ├── django-rest-framework │ │ │ │ ├── missing-throttle-config.py │ │ │ │ └── missing-throttle-config.yaml │ │ │ ├── extends-custom-expression.py │ │ │ ├── extends-custom-expression.yaml │ │ │ ├── query-set-extra.py │ │ │ ├── query-set-extra.yaml │ │ │ ├── raw-query.py │ │ │ ├── raw-query.yaml │ │ │ ├── secure-cookies.py │ │ │ ├── secure-cookies.yaml │ │ │ ├── templates │ │ │ │ ├── debug-template-tag.html │ │ │ │ └── debug-template-tag.yaml │ │ │ ├── unvalidated-password.fixed.py │ │ │ ├── unvalidated-password.py │ │ │ ├── unvalidated-password.yaml │ │ │ └── xss │ │ │ │ ├── class-extends-safestring.py │ │ │ │ ├── class-extends-safestring.yaml │ │ │ │ ├── context-autoescape-off.fixed.py │ │ │ │ ├── context-autoescape-off.py │ │ │ │ ├── context-autoescape-off.yaml │ │ │ │ ├── direct-use-of-httpresponse.py │ │ │ │ ├── direct-use-of-httpresponse.yaml │ │ │ │ ├── filter-with-is-safe.py │ │ │ │ ├── filter-with-is-safe.yaml │ │ │ │ ├── formathtml-fstring-parameter.py │ │ │ │ ├── formathtml-fstring-parameter.yaml │ │ │ │ ├── global-autoescape-off.fixed.py │ │ │ │ ├── global-autoescape-off.py │ │ │ │ ├── global-autoescape-off.yaml │ │ │ │ ├── html-magic-method.py │ │ │ │ ├── html-magic-method.yaml │ │ │ │ ├── html-safe.py │ │ │ │ ├── html-safe.yaml │ │ │ │ ├── template-autoescape-off.html │ │ │ │ ├── template-autoescape-off.yaml │ │ │ │ ├── template-blocktranslate-no-escape.html │ │ │ │ ├── template-blocktranslate-no-escape.yaml │ │ │ │ ├── template-translate-as-no-escape.html │ │ │ │ ├── template-translate-as-no-escape.yaml │ │ │ │ ├── template-var-unescaped-with-safeseq.html │ │ │ │ └── template-var-unescaped-with-safeseq.yaml │ │ ├── django-no-csrf-token.html │ │ ├── django-no-csrf-token.yaml │ │ ├── django-using-request-post-after-is-valid.py │ │ ├── django-using-request-post-after-is-valid.yaml │ │ ├── globals-as-template-context.py │ │ ├── globals-as-template-context.yaml │ │ ├── hashids-with-django-secret.py │ │ ├── hashids-with-django-secret.yaml │ │ ├── injection │ │ │ ├── README.md │ │ │ ├── code │ │ │ │ ├── globals-misuse-code-execution.py │ │ │ │ ├── globals-misuse-code-execution.yaml │ │ │ │ ├── user-eval-format-string.py │ │ │ │ ├── user-eval-format-string.yaml │ │ │ │ ├── user-eval.py │ │ │ │ ├── user-eval.yaml │ │ │ │ ├── user-exec-format-string.py │ │ │ │ ├── user-exec-format-string.yaml │ │ │ │ ├── user-exec.py │ │ │ │ └── user-exec.yaml │ │ │ ├── command │ │ │ │ ├── command-injection-os-system.py │ │ │ │ ├── command-injection-os-system.yaml │ │ │ │ ├── subprocess-injection.py │ │ │ │ └── subprocess-injection.yaml │ │ │ ├── csv-writer-injection.py │ │ │ ├── csv-writer-injection.yaml │ │ │ ├── email │ │ │ │ ├── xss-html-email-body.py │ │ │ │ ├── xss-html-email-body.yaml │ │ │ │ ├── xss-send-mail-html-message.py │ │ │ │ └── xss-send-mail-html-message.yaml │ │ │ ├── mass-assignment.py │ │ │ ├── mass-assignment.yaml │ │ │ ├── open-redirect.py │ │ │ ├── open-redirect.yaml │ │ │ ├── path-traversal │ │ │ │ ├── path-traversal-file-name.py │ │ │ │ ├── path-traversal-file-name.yaml │ │ │ │ ├── path-traversal-join.py │ │ │ │ ├── path-traversal-join.yaml │ │ │ │ ├── path-traversal-open.py │ │ │ │ └── path-traversal-open.yaml │ │ │ ├── raw-html-format.py │ │ │ ├── raw-html-format.yaml │ │ │ ├── reflected-data-httpresponse.py │ │ │ ├── reflected-data-httpresponse.yaml │ │ │ ├── reflected-data-httpresponsebadrequest.py │ │ │ ├── reflected-data-httpresponsebadrequest.yaml │ │ │ ├── request-data-fileresponse.py │ │ │ ├── request-data-fileresponse.yaml │ │ │ ├── request-data-write.py │ │ │ ├── request-data-write.yaml │ │ │ ├── sql │ │ │ │ ├── sql-injection-extra.py │ │ │ │ ├── sql-injection-extra.yaml │ │ │ │ ├── sql-injection-rawsql.py │ │ │ │ ├── sql-injection-rawsql.yaml │ │ │ │ ├── sql-injection-using-db-cursor-execute.py │ │ │ │ ├── sql-injection-using-db-cursor-execute.yaml │ │ │ │ ├── sql-injection-using-raw.py │ │ │ │ └── sql-injection-using-raw.yaml │ │ │ ├── ssrf │ │ │ │ ├── ssrf-injection-requests.py │ │ │ │ ├── ssrf-injection-requests.yaml │ │ │ │ ├── ssrf-injection-urllib.py │ │ │ │ └── ssrf-injection-urllib.yaml │ │ │ ├── tainted-sql-string.py │ │ │ ├── tainted-sql-string.yaml │ │ │ ├── tainted-url-host.py │ │ │ └── tainted-url-host.yaml │ │ ├── locals-as-template-context.py │ │ ├── locals-as-template-context.yaml │ │ ├── nan-injection.py │ │ ├── nan-injection.yaml │ │ └── passwords │ │ │ ├── password-empty-string.py │ │ │ ├── password-empty-string.yaml │ │ │ ├── use-none-for-password-default.fixed.py │ │ │ ├── use-none-for-password-default.py │ │ │ └── use-none-for-password-default.yaml │ └── sensitive-variables.py ├── docker │ └── security │ │ └── audit │ │ ├── docker-arbitrary-container-run.py │ │ └── docker-arbitrary-container-run.yaml ├── fastapi │ └── security │ │ ├── wildcard-cors.py │ │ └── wildcard-cors.yaml ├── flask │ ├── best-practice │ │ ├── get-class-method-with-side-effects.py │ │ ├── get-class-method-with-side-effects.yaml │ │ ├── use-jsonify.fixed.py │ │ ├── use-jsonify.py │ │ └── use-jsonify.yaml │ ├── caching │ │ ├── query-string.py │ │ └── query-string.yaml │ ├── correctness │ │ ├── access-request-in-wrong-handler.py │ │ ├── access-request-in-wrong-handler.yaml │ │ ├── same-handler-name.py │ │ └── same-handler-name.yaml │ ├── maintainability │ │ └── deprecated │ │ │ ├── deprecated-apis.py │ │ │ └── deprecated-apis.yaml │ └── security │ │ ├── audit │ │ ├── app-run-param-config.py │ │ ├── app-run-param-config.yaml │ │ ├── app-run-security-config.py │ │ ├── app-run-security-config.yaml │ │ ├── debug-enabled.py │ │ ├── debug-enabled.yaml │ │ ├── directly-returned-format-string.py │ │ ├── directly-returned-format-string.yaml │ │ ├── flask-cors-misconfiguration.py │ │ ├── flask-cors-misconfiguration.yaml │ │ ├── flask-url-for-external-true.py │ │ ├── flask-url-for-external-true.yaml │ │ ├── hardcoded-config.py │ │ ├── hardcoded-config.yaml │ │ ├── host-header-injection-python.py │ │ ├── host-header-injection-python.yaml │ │ ├── render-template-string.py │ │ ├── render-template-string.yaml │ │ ├── secure-set-cookie.py │ │ ├── secure-set-cookie.yaml │ │ ├── wtf-csrf-disabled.fixed.py │ │ ├── wtf-csrf-disabled.py │ │ ├── wtf-csrf-disabled.yaml │ │ └── xss │ │ │ ├── make-response-with-unknown-content.py │ │ │ └── make-response-with-unknown-content.yaml │ │ ├── dangerous-template-string.py │ │ ├── dangerous-template-string.yaml │ │ ├── flask-api-method-string-format.py │ │ ├── flask-api-method-string-format.yaml │ │ ├── hashids-with-flask-secret.py │ │ ├── hashids-with-flask-secret.yaml │ │ ├── injection │ │ ├── csv-writer-injection.py │ │ ├── csv-writer-injection.yaml │ │ ├── nan-injection.py │ │ ├── nan-injection.yaml │ │ ├── os-system-injection.py │ │ ├── os-system-injection.yaml │ │ ├── path-traversal-open.py │ │ ├── path-traversal-open.yaml │ │ ├── raw-html-concat.py │ │ ├── raw-html-concat.yaml │ │ ├── ssrf-requests.py │ │ ├── ssrf-requests.yaml │ │ ├── subprocess-injection.py │ │ ├── subprocess-injection.yaml │ │ ├── tainted-sql-string.py │ │ ├── tainted-sql-string.yaml │ │ ├── tainted-url-host.py │ │ ├── tainted-url-host.yaml │ │ ├── user-eval.py │ │ ├── user-eval.yaml │ │ ├── user-exec.py │ │ └── user-exec.yaml │ │ ├── insecure-deserialization.py │ │ ├── insecure-deserialization.yaml │ │ ├── open-redirect.py │ │ ├── open-redirect.yaml │ │ ├── secure-static-file-serve.py │ │ ├── secure-static-file-serve.yaml │ │ ├── unescaped-template-extension.py │ │ ├── unescaped-template-extension.yaml │ │ ├── unsanitized-input.py │ │ ├── unsanitized-input.yaml │ │ └── xss │ │ └── audit │ │ ├── direct-use-of-jinja2.py │ │ ├── direct-use-of-jinja2.yaml │ │ ├── explicit-unescape-with-markup.py │ │ ├── explicit-unescape-with-markup.yaml │ │ ├── template-autoescape-off.html │ │ ├── template-autoescape-off.yaml │ │ ├── template-unescaped-with-safe.html │ │ ├── template-unescaped-with-safe.yaml │ │ ├── template-unquoted-attribute-var.fixed.html │ │ ├── template-unquoted-attribute-var.fixed.py │ │ ├── template-unquoted-attribute-var.html │ │ ├── template-unquoted-attribute-var.py │ │ └── template-unquoted-attribute-var.yaml ├── jinja2 │ └── security │ │ └── audit │ │ ├── autoescape-disabled-false.fixed.py │ │ ├── autoescape-disabled-false.py │ │ ├── autoescape-disabled-false.yaml │ │ ├── missing-autoescape-disabled.fixed.py │ │ ├── missing-autoescape-disabled.py │ │ └── missing-autoescape-disabled.yaml ├── jwt │ └── security │ │ ├── audit │ │ ├── jwt-exposed-data.py │ │ └── jwt-exposed-data.yaml │ │ ├── jwt-exposed-credentials.py │ │ ├── jwt-exposed-credentials.yaml │ │ ├── jwt-hardcode.py │ │ ├── jwt-hardcode.yaml │ │ ├── jwt-none-alg.py │ │ ├── jwt-none-alg.yaml │ │ ├── unverified-jwt-decode.fixed.py │ │ ├── unverified-jwt-decode.py │ │ └── unverified-jwt-decode.yaml ├── lang │ ├── best-practice │ │ ├── hardcoded-tmp-path.py │ │ ├── hardcoded-tmp-path.yaml │ │ ├── logging-error-without-handling.py │ │ ├── logging-error-without-handling.yaml │ │ ├── manual-collections-create.py │ │ ├── manual-collections-create.yaml │ │ ├── missing-hash-with-eq.py │ │ ├── missing-hash-with-eq.yaml │ │ ├── open-never-closed.py │ │ ├── open-never-closed.yaml │ │ ├── pass-body.py │ │ ├── pass-body.yaml │ │ ├── pdb.py │ │ ├── pdb.yaml │ │ ├── sleep.py │ │ ├── sleep.yaml │ │ ├── unspecified-open-encoding.py │ │ └── unspecified-open-encoding.yaml │ ├── compatibility │ │ ├── python36.py │ │ ├── python36.yaml │ │ ├── python37.py │ │ └── python37.yaml │ ├── correctness │ │ ├── baseclass-attribute-override.py │ │ ├── baseclass-attribute-override.yaml │ │ ├── cannot-cache-generators.py │ │ ├── cannot-cache-generators.yaml │ │ ├── common-mistakes │ │ │ ├── default-mutable-dict.py │ │ │ ├── default-mutable-dict.yaml │ │ │ ├── default-mutable-list.py │ │ │ ├── default-mutable-list.yaml │ │ │ ├── is-comparison-string.py │ │ │ ├── is-comparison-string.yaml │ │ │ ├── is-not-is-not.py │ │ │ ├── is-not-is-not.yaml │ │ │ ├── string-concat-in-list.py │ │ │ └── string-concat-in-list.yaml │ │ ├── concurrent.py │ │ ├── concurrent.yaml │ │ ├── dict-modify-iterating.py │ │ ├── dict-modify-iterating.yaml │ │ ├── exceptions │ │ │ ├── exceptions.py │ │ │ └── exceptions.yaml │ │ ├── exit.fixed.py │ │ ├── exit.py │ │ ├── exit.yaml │ │ ├── file-object-redefined-before-close.py │ │ ├── file-object-redefined-before-close.yaml │ │ ├── list-modify-iterating.py │ │ ├── list-modify-iterating.yaml │ │ ├── pdb.py │ │ ├── pdb.yaml │ │ ├── pytest-assert_match-after-path-patch.py │ │ ├── pytest-assert_match-after-path-patch.yaml │ │ ├── return-in-init.py │ │ ├── return-in-init.yaml │ │ ├── sync-sleep-in-async-code.py │ │ ├── sync-sleep-in-async-code.yaml │ │ ├── tempfile │ │ │ ├── flush.py │ │ │ ├── flush.yaml │ │ │ ├── mktemp.py │ │ │ └── mktemp.yaml │ │ ├── test-is-missing-assert.py │ │ ├── test-is-missing-assert.yaml │ │ ├── unchecked-returns.fixed.py │ │ ├── unchecked-returns.py │ │ ├── unchecked-returns.yaml │ │ ├── useless-comparison.py │ │ ├── useless-comparison.yaml │ │ ├── useless-eqeq.py │ │ ├── useless-eqeq.yaml │ │ ├── writing-to-file-in-read-mode.py │ │ └── writing-to-file-in-read-mode.yaml │ ├── maintainability │ │ ├── improper-list-concat.py │ │ ├── improper-list-concat.yaml │ │ ├── is-function-without-parentheses.py │ │ ├── is-function-without-parentheses.yaml │ │ ├── return.py │ │ ├── return.yaml │ │ ├── useless-assign-keyed.py │ │ ├── useless-assign-keyed.yaml │ │ ├── useless-assign.notyaml │ │ ├── useless-assign.py │ │ ├── useless-ifelse.py │ │ ├── useless-ifelse.yaml │ │ ├── useless-innerfunction.py │ │ ├── useless-innerfunction.yaml │ │ ├── useless-literal-set.py │ │ ├── useless-literal-set.yaml │ │ ├── useless-literal.py │ │ └── useless-literal.yaml │ └── security │ │ ├── audit │ │ ├── conn_recv.py │ │ ├── conn_recv.yaml │ │ ├── dangerous-annotations-usage.py │ │ ├── dangerous-annotations-usage.yaml │ │ ├── dangerous-asyncio-create-exec-audit.py │ │ ├── dangerous-asyncio-create-exec-audit.yaml │ │ ├── dangerous-asyncio-create-exec-tainted-env-args.py │ │ ├── dangerous-asyncio-create-exec-tainted-env-args.yaml │ │ ├── dangerous-asyncio-exec-audit.py │ │ ├── dangerous-asyncio-exec-audit.yaml │ │ ├── dangerous-asyncio-exec-tainted-env-args.py │ │ ├── dangerous-asyncio-exec-tainted-env-args.yaml │ │ ├── dangerous-asyncio-shell-audit.py │ │ ├── dangerous-asyncio-shell-audit.yaml │ │ ├── dangerous-asyncio-shell-tainted-env-args.py │ │ ├── dangerous-asyncio-shell-tainted-env-args.yaml │ │ ├── dangerous-code-run-audit.py │ │ ├── dangerous-code-run-audit.yaml │ │ ├── dangerous-code-run-tainted-env-args.py │ │ ├── dangerous-code-run-tainted-env-args.yaml │ │ ├── dangerous-os-exec-audit.py │ │ ├── dangerous-os-exec-audit.yaml │ │ ├── dangerous-os-exec-tainted-env-args.py │ │ ├── dangerous-os-exec-tainted-env-args.yaml │ │ ├── dangerous-spawn-process-audit.py │ │ ├── dangerous-spawn-process-audit.yaml │ │ ├── dangerous-spawn-process-tainted-env-args.py │ │ ├── dangerous-spawn-process-tainted-env-args.yaml │ │ ├── dangerous-subinterpreters-run-string-audit.py │ │ ├── dangerous-subinterpreters-run-string-audit.yaml │ │ ├── dangerous-subinterpreters-run-string-tainted-env-args.py │ │ ├── dangerous-subinterpreters-run-string-tainted-env-args.yaml │ │ ├── dangerous-subprocess-use-audit.py │ │ ├── dangerous-subprocess-use-audit.yaml │ │ ├── dangerous-subprocess-use-tainted-env-args.py │ │ ├── dangerous-subprocess-use-tainted-env-args.yaml │ │ ├── dangerous-system-call-audit.py │ │ ├── dangerous-system-call-audit.yaml │ │ ├── dangerous-system-call-tainted-env-args.py │ │ ├── dangerous-system-call-tainted-env-args.yaml │ │ ├── dangerous-testcapi-run-in-subinterp-audit.py │ │ ├── dangerous-testcapi-run-in-subinterp-audit.yaml │ │ ├── dangerous-testcapi-run-in-subinterp-tainted-env-args.py │ │ ├── dangerous-testcapi-run-in-subinterp-tainted-env-args.yaml │ │ ├── dynamic-urllib-use-detected.py │ │ ├── dynamic-urllib-use-detected.yaml │ │ ├── eval-detected.py │ │ ├── eval-detected.yaml │ │ ├── exec-detected.py │ │ ├── exec-detected.yaml │ │ ├── formatted-sql-query.py │ │ ├── formatted-sql-query.yaml │ │ ├── hardcoded-password-default-argument.py │ │ ├── hardcoded-password-default-argument.yaml │ │ ├── httpsconnection-detected.py │ │ ├── httpsconnection-detected.yaml │ │ ├── insecure-file-permissions.py │ │ ├── insecure-file-permissions.yaml │ │ ├── insecure-transport │ │ │ ├── ftplib │ │ │ │ ├── use-ftp-tls.py │ │ │ │ └── use-ftp-tls.yaml │ │ │ ├── requests │ │ │ │ ├── request-session-http-in-with-context.py │ │ │ │ ├── request-session-http-in-with-context.yaml │ │ │ │ ├── request-session-with-http.py │ │ │ │ ├── request-session-with-http.yaml │ │ │ │ ├── request-with-http.py │ │ │ │ └── request-with-http.yaml │ │ │ ├── ssl │ │ │ │ ├── no-set-ciphers.py │ │ │ │ └── no-set-ciphers.yaml │ │ │ └── urllib │ │ │ │ ├── insecure-openerdirector-open-ftp.py │ │ │ │ ├── insecure-openerdirector-open-ftp.yaml │ │ │ │ ├── insecure-openerdirector-open.py │ │ │ │ ├── insecure-openerdirector-open.yaml │ │ │ │ ├── insecure-request-object-ftp.py │ │ │ │ ├── insecure-request-object-ftp.yaml │ │ │ │ ├── insecure-request-object.py │ │ │ │ ├── insecure-request-object.yaml │ │ │ │ ├── insecure-urlopen-ftp.py │ │ │ │ ├── insecure-urlopen-ftp.yaml │ │ │ │ ├── insecure-urlopen.py │ │ │ │ ├── insecure-urlopen.yaml │ │ │ │ ├── insecure-urlopener-open-ftp.py │ │ │ │ ├── insecure-urlopener-open-ftp.yaml │ │ │ │ ├── insecure-urlopener-open.py │ │ │ │ ├── insecure-urlopener-open.yaml │ │ │ │ ├── insecure-urlopener-retrieve-ftp.py │ │ │ │ ├── insecure-urlopener-retrieve-ftp.yaml │ │ │ │ ├── insecure-urlopener-retrieve.py │ │ │ │ ├── insecure-urlopener-retrieve.yaml │ │ │ │ ├── insecure-urlretrieve-ftp.py │ │ │ │ ├── insecure-urlretrieve-ftp.yaml │ │ │ │ ├── insecure-urlretrieve.py │ │ │ │ └── insecure-urlretrieve.yaml │ │ ├── logging │ │ │ ├── listeneval.py │ │ │ ├── listeneval.yaml │ │ │ ├── logger-credential-leak.py │ │ │ └── logger-credential-leak.yaml │ │ ├── mako-templates-detected.py │ │ ├── mako-templates-detected.yaml │ │ ├── marshal.py │ │ ├── marshal.yaml │ │ ├── md5-used-as-password.py │ │ ├── md5-used-as-password.yaml │ │ ├── network │ │ │ ├── bind.py │ │ │ ├── bind.yaml │ │ │ ├── disabled-cert-validation.py │ │ │ ├── disabled-cert-validation.yaml │ │ │ ├── http-not-https-connection.py │ │ │ └── http-not-https-connection.yaml │ │ ├── non-literal-import.py │ │ ├── non-literal-import.yaml │ │ ├── paramiko-implicit-trust-host-key.py │ │ ├── paramiko-implicit-trust-host-key.yaml │ │ ├── paramiko │ │ │ ├── paramiko-exec-command.py │ │ │ └── paramiko-exec-command.yaml │ │ ├── python-reverse-shell.py │ │ ├── python-reverse-shell.yaml │ │ ├── regex-dos.py │ │ ├── regex-dos.yaml │ │ ├── sha224-hash.py │ │ ├── sha224-hash.yaml │ │ ├── sqli │ │ │ ├── aiopg-sqli.py │ │ │ ├── aiopg-sqli.yaml │ │ │ ├── asyncpg-sqli.py │ │ │ ├── asyncpg-sqli.yaml │ │ │ ├── pg8000-sqli.py │ │ │ ├── pg8000-sqli.yaml │ │ │ ├── psycopg-sqli.py │ │ │ └── psycopg-sqli.yaml │ │ ├── ssl-wrap-socket-is-deprecated.py │ │ ├── ssl-wrap-socket-is-deprecated.yaml │ │ ├── subprocess-list-passed-as-string.py │ │ ├── subprocess-list-passed-as-string.yaml │ │ ├── subprocess-shell-true.fixed.py │ │ ├── subprocess-shell-true.py │ │ ├── subprocess-shell-true.yaml │ │ ├── system-wildcard-detected.py │ │ ├── system-wildcard-detected.yaml │ │ ├── telnetlib.py │ │ ├── telnetlib.yaml │ │ ├── weak-ssl-version.py │ │ └── weak-ssl-version.yaml │ │ ├── dangerous-code-run.py │ │ ├── dangerous-code-run.yaml │ │ ├── dangerous-globals-use.py │ │ ├── dangerous-globals-use.yaml │ │ ├── dangerous-os-exec.py │ │ ├── dangerous-os-exec.yaml │ │ ├── dangerous-spawn-process.py │ │ ├── dangerous-spawn-process.yaml │ │ ├── dangerous-subinterpreters-run-string.py │ │ ├── dangerous-subinterpreters-run-string.yaml │ │ ├── dangerous-subprocess-use.py │ │ ├── dangerous-subprocess-use.yaml │ │ ├── dangerous-system-call.py │ │ ├── dangerous-system-call.yaml │ │ ├── dangerous-testcapi-run-in-subinterp.py │ │ ├── dangerous-testcapi-run-in-subinterp.yaml │ │ ├── deserialization │ │ ├── avoid-jsonpickle.py │ │ ├── avoid-jsonpickle.yaml │ │ ├── avoid-pyyaml-load.py │ │ ├── avoid-pyyaml-load.yaml │ │ ├── avoid-unsafe-ruamel.py │ │ ├── avoid-unsafe-ruamel.yaml │ │ ├── pickle.py │ │ └── pickle.yaml │ │ ├── insecure-hash-algorithms-md5.py │ │ ├── insecure-hash-algorithms-md5.yaml │ │ ├── insecure-hash-algorithms.py │ │ ├── insecure-hash-algorithms.yaml │ │ ├── insecure-hash-function.py │ │ ├── insecure-hash-function.yaml │ │ ├── insecure-uuid-version.py │ │ ├── insecure-uuid-version.yaml │ │ ├── unverified-ssl-context.py │ │ ├── unverified-ssl-context.yaml │ │ ├── use-defused-xml-parse.fixed.py │ │ ├── use-defused-xml-parse.py │ │ ├── use-defused-xml-parse.yaml │ │ ├── use-defused-xml.py │ │ ├── use-defused-xml.yaml │ │ ├── use-defused-xmlrpc.py │ │ ├── use-defused-xmlrpc.yaml │ │ ├── use-defusedcsv.py │ │ └── use-defusedcsv.yaml ├── pycryptodome │ └── security │ │ ├── insecure-cipher-algorithm-blowfish.py │ │ ├── insecure-cipher-algorithm-blowfish.yaml │ │ ├── insecure-cipher-algorithm-des.py │ │ ├── insecure-cipher-algorithm-des.yaml │ │ ├── insecure-cipher-algorithm-rc2.py │ │ ├── insecure-cipher-algorithm-rc2.yaml │ │ ├── insecure-cipher-algorithm-rc4.py │ │ ├── insecure-cipher-algorithm-rc4.yaml │ │ ├── insecure-cipher-algorithm.py │ │ ├── insecure-cipher-algorithm.yaml │ │ ├── insecure-hash-algorithm-md2.py │ │ ├── insecure-hash-algorithm-md2.yaml │ │ ├── insecure-hash-algorithm-md4.py │ │ ├── insecure-hash-algorithm-md4.yaml │ │ ├── insecure-hash-algorithm-md5.py │ │ ├── insecure-hash-algorithm-md5.yaml │ │ ├── insecure-hash-algorithm.py │ │ ├── insecure-hash-algorithm.yaml │ │ ├── insufficient-dsa-key-size.py │ │ ├── insufficient-dsa-key-size.yaml │ │ ├── insufficient-rsa-key-size.py │ │ ├── insufficient-rsa-key-size.yaml │ │ ├── mode-without-authentication.py │ │ └── mode-without-authentication.yaml ├── pymongo │ └── security │ │ ├── mongodb.py │ │ └── mongodb.yaml ├── pyramid │ ├── audit │ │ ├── authtkt-cookie-httponly-unsafe-default.fixed.py │ │ ├── authtkt-cookie-httponly-unsafe-default.py │ │ ├── authtkt-cookie-httponly-unsafe-default.yaml │ │ ├── authtkt-cookie-httponly-unsafe-value.fixed.py │ │ ├── authtkt-cookie-httponly-unsafe-value.py │ │ ├── authtkt-cookie-httponly-unsafe-value.yaml │ │ ├── authtkt-cookie-samesite.fixed.py │ │ ├── authtkt-cookie-samesite.py │ │ ├── authtkt-cookie-samesite.yaml │ │ ├── authtkt-cookie-secure-unsafe-default.py │ │ ├── authtkt-cookie-secure-unsafe-default.yaml │ │ ├── authtkt-cookie-secure-unsafe-value.fixed.py │ │ ├── authtkt-cookie-secure-unsafe-value.py │ │ ├── authtkt-cookie-secure-unsafe-value.yaml │ │ ├── csrf-check-disabled.fixed.py │ │ ├── csrf-check-disabled.py │ │ ├── csrf-check-disabled.yaml │ │ ├── csrf-origin-check-disabled-globally.fixed.py │ │ ├── csrf-origin-check-disabled-globally.py │ │ ├── csrf-origin-check-disabled-globally.yaml │ │ ├── csrf-origin-check-disabled.fixed.py │ │ ├── csrf-origin-check-disabled.py │ │ ├── csrf-origin-check-disabled.yaml │ │ ├── set-cookie-httponly-unsafe-default.py │ │ ├── set-cookie-httponly-unsafe-default.yaml │ │ ├── set-cookie-httponly-unsafe-value.fixed.py │ │ ├── set-cookie-httponly-unsafe-value.py │ │ ├── set-cookie-httponly-unsafe-value.yaml │ │ ├── set-cookie-samesite-unsafe-default.py │ │ ├── set-cookie-samesite-unsafe-default.yaml │ │ ├── set-cookie-samesite-unsafe-value.fixed.py │ │ ├── set-cookie-samesite-unsafe-value.py │ │ ├── set-cookie-samesite-unsafe-value.yaml │ │ ├── set-cookie-secure-unsafe-default.py │ │ ├── set-cookie-secure-unsafe-default.yaml │ │ ├── set-cookie-secure-unsafe-value.fixed.py │ │ ├── set-cookie-secure-unsafe-value.py │ │ └── set-cookie-secure-unsafe-value.yaml │ └── security │ │ ├── csrf-check-disabled-globally.fixed.py │ │ ├── csrf-check-disabled-globally.py │ │ ├── csrf-check-disabled-globally.yaml │ │ ├── direct-use-of-response.py │ │ ├── direct-use-of-response.yaml │ │ ├── sqlalchemy-sql-injection.py │ │ └── sqlalchemy-sql-injection.yaml ├── requests │ ├── best-practice │ │ ├── use-raise-for-status.py │ │ ├── use-raise-for-status.yaml │ │ ├── use-request-json-shortcut.py │ │ ├── use-request-json-shortcut.yaml │ │ ├── use-response-json-shortcut.fixed.py │ │ ├── use-response-json-shortcut.py │ │ ├── use-response-json-shortcut.yaml │ │ ├── use-timeout.py │ │ └── use-timeout.yaml │ └── security │ │ ├── disabled-cert-validation.py │ │ ├── disabled-cert-validation.yaml │ │ ├── no-auth-over-http.py │ │ └── no-auth-over-http.yaml ├── sh │ └── security │ │ ├── string-concat.py │ │ └── string-concat.yaml ├── sqlalchemy │ ├── correctness │ │ ├── bad-operator-in-filter.py │ │ ├── bad-operator-in-filter.yaml │ │ ├── delete-where.py │ │ └── delete-where.yaml │ ├── performance │ │ ├── performance-improvements.py │ │ └── performance-improvements.yaml │ └── security │ │ ├── audit │ │ ├── avoid-sqlalchemy-text.py │ │ └── avoid-sqlalchemy-text.yaml │ │ ├── sqlalchemy-execute-raw-query.py │ │ ├── sqlalchemy-execute-raw-query.yaml │ │ ├── sqlalchemy-sql-injection.py │ │ └── sqlalchemy-sql-injection.yaml └── twilio │ └── security │ ├── twiml-injection.py │ └── twiml-injection.yaml ├── ruby ├── aws-lambda │ └── security │ │ ├── activerecord-sqli.rb │ │ ├── activerecord-sqli.yaml │ │ ├── mysql2-sqli.rb │ │ ├── mysql2-sqli.yaml │ │ ├── pg-sqli.rb │ │ ├── pg-sqli.yaml │ │ ├── sequel-sqli.rb │ │ ├── sequel-sqli.yaml │ │ ├── tainted-deserialization.rb │ │ ├── tainted-deserialization.yaml │ │ ├── tainted-sql-string.rb │ │ └── tainted-sql-string.yaml ├── jwt │ └── security │ │ ├── audit │ │ ├── jwt-decode-without-verify.rb │ │ ├── jwt-decode-without-verify.yaml │ │ ├── jwt-exposed-data.rb │ │ └── jwt-exposed-data.yaml │ │ ├── jwt-exposed-credentials.rb │ │ ├── jwt-exposed-credentials.yaml │ │ ├── jwt-hardcode.rb │ │ ├── jwt-hardcode.yaml │ │ ├── jwt-none-alg.rb │ │ └── jwt-none-alg.yaml ├── lang │ └── security │ │ ├── audit │ │ ├── sha224-hash.rb │ │ └── sha224-hash.yaml │ │ ├── bad-deserialization-env.rb │ │ ├── bad-deserialization-env.yaml │ │ ├── bad-deserialization-yaml.fixed.rb │ │ ├── bad-deserialization-yaml.rb │ │ ├── bad-deserialization-yaml.yaml │ │ ├── bad-deserialization.rb │ │ ├── bad-deserialization.yaml │ │ ├── cookie-serialization.rb │ │ ├── cookie-serialization.yaml │ │ ├── create-with.rb │ │ ├── create-with.yaml │ │ ├── dangerous-exec.rb │ │ ├── dangerous-exec.yaml │ │ ├── dangerous-open.rb │ │ ├── dangerous-open.yaml │ │ ├── dangerous-open3-pipeline.rb │ │ ├── dangerous-open3-pipeline.yaml │ │ ├── dangerous-subshell.rb │ │ ├── dangerous-subshell.yaml │ │ ├── dangerous-syscall.rb │ │ ├── dangerous-syscall.yaml │ │ ├── divide-by-zero.rb │ │ ├── divide-by-zero.yaml │ │ ├── file-disclosure.rb │ │ ├── file-disclosure.yaml │ │ ├── filter-skipping.rb │ │ ├── filter-skipping.yaml │ │ ├── force-ssl-false.rb │ │ ├── force-ssl-false.yaml │ │ ├── hardcoded-http-auth-in-controller.rb │ │ ├── hardcoded-http-auth-in-controller.yaml │ │ ├── hardcoded-secret-rsa-passphrase.rb │ │ ├── hardcoded-secret-rsa-passphrase.yaml │ │ ├── insufficient-rsa-key-size.rb │ │ ├── insufficient-rsa-key-size.yaml │ │ ├── json-entity-escape.rb │ │ ├── json-entity-escape.yaml │ │ ├── mass-assignment-protection-disabled.rb │ │ ├── mass-assignment-protection-disabled.yaml │ │ ├── md5-used-as-password.rb │ │ ├── md5-used-as-password.yaml │ │ ├── missing-csrf-protection.rb │ │ ├── missing-csrf-protection.yaml │ │ ├── model-attr-accessible.rb │ │ ├── model-attr-accessible.yaml │ │ ├── model-attributes-attr-accessible.rb │ │ ├── model-attributes-attr-accessible.yaml │ │ ├── no-eval.rb │ │ ├── no-eval.yaml │ │ ├── no-send.rb │ │ ├── no-send.yaml │ │ ├── ssl-mode-no-verify.rb │ │ ├── ssl-mode-no-verify.yaml │ │ ├── unprotected-mass-assign.rb │ │ ├── unprotected-mass-assign.yaml │ │ ├── weak-hashes-md5.rb │ │ ├── weak-hashes-md5.yaml │ │ ├── weak-hashes-sha1.rb │ │ └── weak-hashes-sha1.yaml └── rails │ ├── correctness │ ├── rails-no-render-after-save.fixed.rb │ ├── rails-no-render-after-save.rb │ └── rails-no-render-after-save.yaml │ ├── performance │ ├── ruby-rails-performance-indexes-are-really-beneficial.rb │ └── ruby-rails-performance-indexes-are-really-beneficial.yaml │ └── security │ ├── audit │ ├── avoid-logging-everything.rb │ ├── avoid-logging-everything.yaml │ ├── avoid-session-manipulation.rb │ ├── avoid-session-manipulation.yaml │ ├── avoid-tainted-file-access.rb │ ├── avoid-tainted-file-access.yaml │ ├── avoid-tainted-ftp-call.rb │ ├── avoid-tainted-ftp-call.yaml │ ├── avoid-tainted-http-request.rb │ ├── avoid-tainted-http-request.yaml │ ├── avoid-tainted-shell-call.rb │ ├── avoid-tainted-shell-call.yaml │ ├── detailed-exceptions.rb │ ├── detailed-exceptions.yaml │ ├── rails-skip-forgery-protection.rb │ ├── rails-skip-forgery-protection.yaml │ ├── sqli │ │ ├── ruby-pg-sqli.rb │ │ └── ruby-pg-sqli.yaml │ ├── xss │ │ ├── avoid-content-tag.rb │ │ ├── avoid-content-tag.yaml │ │ ├── avoid-default-routes.routes.rb │ │ ├── avoid-default-routes.yaml │ │ ├── avoid-html-safe.rb │ │ ├── avoid-html-safe.yaml │ │ ├── avoid-link-to.rb │ │ ├── avoid-link-to.yaml │ │ ├── avoid-raw.rb │ │ ├── avoid-raw.yaml │ │ ├── avoid-redirect.rb │ │ ├── avoid-redirect.yaml │ │ ├── avoid-render-dynamic-path.rb │ │ ├── avoid-render-dynamic-path.yaml │ │ ├── avoid-render-inline.rb │ │ ├── avoid-render-inline.yaml │ │ ├── avoid-render-text.rb │ │ ├── avoid-render-text.yaml │ │ ├── manual-template-creation.rb │ │ ├── manual-template-creation.yaml │ │ └── templates │ │ │ ├── alias-for-html-safe.erb │ │ │ ├── alias-for-html-safe.yaml │ │ │ ├── avoid-content-tag.erb │ │ │ ├── avoid-content-tag.yaml │ │ │ ├── avoid-html-safe.erb │ │ │ ├── avoid-html-safe.yaml │ │ │ ├── avoid-raw.erb │ │ │ ├── avoid-raw.yaml │ │ │ ├── dangerous-link-to.erb │ │ │ ├── dangerous-link-to.yaml │ │ │ ├── unquoted-attribute.erb │ │ │ ├── unquoted-attribute.yaml │ │ │ ├── var-in-href.erb │ │ │ ├── var-in-href.yaml │ │ │ ├── var-in-script-tag.erb │ │ │ └── var-in-script-tag.yaml │ └── xxe │ │ ├── libxml-backend.rb │ │ ├── libxml-backend.yaml │ │ ├── xml-external-entities-enabled.rb │ │ └── xml-external-entities-enabled.yaml │ ├── brakeman │ ├── check-before-filter.rb │ ├── check-before-filter.yaml │ ├── check-cookie-store-session-security-attributes.rb │ ├── check-cookie-store-session-security-attributes.yaml │ ├── check-dynamic-render-local-file-include.html.erb │ ├── check-dynamic-render-local-file-include.yaml │ ├── check-http-verb-confusion.rb │ ├── check-http-verb-confusion.yaml │ ├── check-permit-attributes-high.rb │ ├── check-permit-attributes-high.yaml │ ├── check-permit-attributes-medium.rb │ ├── check-permit-attributes-medium.yaml │ ├── check-rails-secret-yaml.secrets.test.yml │ ├── check-rails-secret-yaml.yaml │ ├── check-rails-session-secret-handling.rb │ ├── check-rails-session-secret-handling.yaml │ ├── check-redirect-to.rb │ ├── check-redirect-to.yaml │ ├── check-regex-dos.rb │ ├── check-regex-dos.yaml │ ├── check-render-local-file-include.rb │ ├── check-render-local-file-include.yaml │ ├── check-reverse-tabnabbing.html.erb │ ├── check-reverse-tabnabbing.yaml │ ├── check-secrets.rb │ ├── check-secrets.yaml │ ├── check-send-file.rb │ ├── check-send-file.yaml │ ├── check-sql.rb │ ├── check-sql.yaml │ ├── check-unsafe-reflection-methods.rb │ ├── check-unsafe-reflection-methods.yaml │ ├── check-unsafe-reflection.rb │ ├── check-unsafe-reflection.yaml │ ├── check-unscoped-find.rb │ ├── check-unscoped-find.yaml │ ├── check-validation-regex.rb │ └── check-validation-regex.yaml │ └── injection │ ├── raw-html-format.rb │ ├── raw-html-format.yaml │ ├── tainted-sql-string.rb │ ├── tainted-sql-string.yaml │ ├── tainted-url-host.rb │ └── tainted-url-host.yaml ├── rust └── lang │ └── security │ ├── args-os.rs │ ├── args-os.yml │ ├── args.rs │ ├── args.yml │ ├── current-exe.rs │ ├── current-exe.yml │ ├── insecure-hashes.rs │ ├── insecure-hashes.yml │ ├── reqwest-accept-invalid.rs │ ├── reqwest-accept-invalid.yml │ ├── reqwest-set-sensitive.rs │ ├── reqwest-set-sensitive.yml │ ├── rustls-dangerous.rs │ ├── rustls-dangerous.yml │ ├── ssl-verify-none.rs │ ├── ssl-verify-none.yml │ ├── temp-dir.rs │ ├── temp-dir.yml │ ├── unsafe-usage.rs │ └── unsafe-usage.yml ├── scala ├── jwt-scala │ └── security │ │ ├── jwt-scala-hardcode.scala │ │ └── jwt-scala-hardcode.yaml ├── lang │ ├── correctness │ │ ├── positive-number-index-of.scala │ │ └── positive-number-index-of.yaml │ └── security │ │ └── audit │ │ ├── dangerous-seq-run.scala │ │ ├── dangerous-seq-run.yaml │ │ ├── dangerous-shell-run.scala │ │ ├── dangerous-shell-run.yaml │ │ ├── dispatch-ssrf.scala │ │ ├── dispatch-ssrf.yaml │ │ ├── documentbuilder-dtd-enabled.scala │ │ ├── documentbuilder-dtd-enabled.yaml │ │ ├── insecure-random.scala │ │ ├── insecure-random.yaml │ │ ├── io-source-ssrf.scala │ │ ├── io-source-ssrf.yaml │ │ ├── path-traversal-fromfile.scala │ │ ├── path-traversal-fromfile.yaml │ │ ├── rsa-padding-set.scala │ │ ├── rsa-padding-set.yaml │ │ ├── sax-dtd-enabled.scala │ │ ├── sax-dtd-enabled.yaml │ │ ├── scala-dangerous-process-run.scala │ │ ├── scala-dangerous-process-run.yaml │ │ ├── scalac-debug.sbt │ │ ├── scalac-debug.yaml │ │ ├── scalaj-http-ssrf.scala │ │ ├── scalaj-http-ssrf.yaml │ │ ├── scalajs-eval.scala │ │ ├── scalajs-eval.yaml │ │ ├── tainted-sql-string.scala │ │ ├── tainted-sql-string.yaml │ │ ├── xmlinputfactory-dtd-enabled.scala │ │ └── xmlinputfactory-dtd-enabled.yaml ├── play │ └── security │ │ ├── conf-csrf-headers-bypass.conf │ │ ├── conf-csrf-headers-bypass.yaml │ │ ├── conf-insecure-cookie-settings.conf │ │ ├── conf-insecure-cookie-settings.yaml │ │ ├── tainted-html-response.scala │ │ ├── tainted-html-response.yaml │ │ ├── tainted-slick-sqli.scala │ │ ├── tainted-slick-sqli.yaml │ │ ├── tainted-sql-from-http-request.scala │ │ ├── tainted-sql-from-http-request.yaml │ │ ├── twirl-html-var.scala.html │ │ ├── twirl-html-var.yaml │ │ ├── webservice-ssrf.scala │ │ └── webservice-ssrf.yaml ├── scala-jwt │ └── security │ │ ├── jwt-hardcode.scala │ │ └── jwt-hardcode.yaml └── slick │ └── security │ ├── scala-slick-overrideSql-literal.scala │ ├── scala-slick-overrideSql-literal.yaml │ ├── scala-slick-sql-non-literal.scala │ └── scala-slick-sql-non-literal.yaml ├── scripts └── historical-semgrep-version ├── solidity ├── best-practice │ ├── use-abi-encodecall-instead-of-encodewithselector.sol │ ├── use-abi-encodecall-instead-of-encodewithselector.yaml │ ├── use-ownable2step.sol │ └── use-ownable2step.yaml ├── performance │ ├── array-length-outside-loop.sol │ ├── array-length-outside-loop.yaml │ ├── inefficient-state-variable-increment.sol │ ├── inefficient-state-variable-increment.yaml │ ├── init-variables-with-default-value.sol │ ├── init-variables-with-default-value.yaml │ ├── non-optimal-variables-swap.sol │ ├── non-optimal-variables-swap.yaml │ ├── non-payable-constructor.sol │ ├── non-payable-constructor.yaml │ ├── state-variable-read-in-a-loop.sol │ ├── state-variable-read-in-a-loop.yaml │ ├── unnecessary-checked-arithmetic-in-loop.sol │ ├── unnecessary-checked-arithmetic-in-loop.yaml │ ├── use-custom-error-not-require.sol │ ├── use-custom-error-not-require.yaml │ ├── use-multiple-require.sol │ ├── use-multiple-require.yaml │ ├── use-nested-if.sol │ ├── use-nested-if.yaml │ ├── use-prefix-decrement-not-postfix.sol │ ├── use-prefix-decrement-not-postfix.yaml │ ├── use-prefix-increment-not-postfix.sol │ ├── use-prefix-increment-not-postfix.yaml │ ├── use-short-revert-string.sol │ └── use-short-revert-string.yaml └── security │ ├── accessible-selfdestruct.sol │ ├── accessible-selfdestruct.yaml │ ├── arbitrary-low-level-call.sol │ ├── arbitrary-low-level-call.yaml │ ├── arbitrary-send-erc20.sol │ ├── arbitrary-send-erc20.yaml │ ├── balancer-readonly-reentrancy-getpooltokens.sol │ ├── balancer-readonly-reentrancy-getpooltokens.yaml │ ├── balancer-readonly-reentrancy-getrate.sol │ ├── balancer-readonly-reentrancy-getrate.yaml │ ├── basic-arithmetic-underflow.sol │ ├── basic-arithmetic-underflow.yaml │ ├── basic-oracle-manipulation.sol │ ├── basic-oracle-manipulation.yaml │ ├── compound-borrowfresh-reentrancy.sol │ ├── compound-borrowfresh-reentrancy.yaml │ ├── compound-sweeptoken-not-restricted.sol │ ├── compound-sweeptoken-not-restricted.yaml │ ├── curve-readonly-reentrancy.sol │ ├── curve-readonly-reentrancy.yaml │ ├── delegatecall-to-arbitrary-address.sol │ ├── delegatecall-to-arbitrary-address.yaml │ ├── encode-packed-collision.sol │ ├── encode-packed-collision.yaml │ ├── erc20-public-burn.sol │ ├── erc20-public-burn.yaml │ ├── erc20-public-transfer.sol │ ├── erc20-public-transfer.yaml │ ├── erc677-reentrancy.sol │ ├── erc677-reentrancy.yaml │ ├── erc721-arbitrary-transferfrom.sol │ ├── erc721-arbitrary-transferfrom.yaml │ ├── erc721-reentrancy.sol │ ├── erc721-reentrancy.yaml │ ├── erc777-reentrancy.sol │ ├── erc777-reentrancy.yaml │ ├── gearbox-tokens-path-confusion.sol │ ├── gearbox-tokens-path-confusion.yaml │ ├── incorrect-use-of-blockhash.sol │ ├── incorrect-use-of-blockhash.yaml │ ├── keeper-network-oracle-manipulation.sol │ ├── keeper-network-oracle-manipulation.yaml │ ├── missing-self-transfer-check-ercx.sol │ ├── missing-self-transfer-check-ercx.yaml │ ├── msg-value-multicall.sol │ ├── msg-value-multicall.yaml │ ├── no-bidi-characters.sol │ ├── no-bidi-characters.yaml │ ├── no-slippage-check.sol │ ├── no-slippage-check.yaml │ ├── openzeppelin-ecdsa-recover-malleable.sol │ ├── openzeppelin-ecdsa-recover-malleable.yaml │ ├── oracle-price-update-not-restricted.sol │ ├── oracle-price-update-not-restricted.yaml │ ├── proxy-storage-collision.sol │ ├── proxy-storage-collision.yaml │ ├── redacted-cartel-custom-approval-bug.sol │ ├── redacted-cartel-custom-approval-bug.yaml │ ├── rigoblock-missing-access-control.sol │ ├── rigoblock-missing-access-control.yaml │ ├── sense-missing-oracle-access-control.sol │ ├── sense-missing-oracle-access-control.yaml │ ├── superfluid-ctx-injection.sol │ ├── superfluid-ctx-injection.yaml │ ├── tecra-coin-burnfrom-bug.sol │ ├── tecra-coin-burnfrom-bug.yaml │ ├── uniswap-callback-not-protected.sol │ ├── uniswap-callback-not-protected.yaml │ ├── unrestricted-transferownership.sol │ └── unrestricted-transferownership.yaml ├── stats ├── Sources_Sinks_Checklist.md ├── cwe_to_metacategory.yml ├── gen_table.py ├── high_signal_coverage.md ├── matrixify.py ├── matrixify_graph.py ├── metacategory_stats_table.md ├── metacategory_to_support_tier.yml ├── taint_without_audit_coverage.md └── web_frameworks.yml ├── swift ├── lang │ ├── crypto │ │ ├── insecure-random.swift │ │ └── insecure-random.yaml │ └── storage │ │ ├── sensitive-storage-userdefaults.swift │ │ └── sensitive-storage-userdefaults.yaml ├── sqllite │ ├── sqllite-injection-audit.swift │ └── sqllite-injection-audit.yaml └── webview │ ├── webview-js-window.swift │ └── webview-js-window.yaml ├── template.yaml ├── terraform ├── aws │ ├── best-practice │ │ ├── aws-elasticache-automatic-backup-not-enabled.tf │ │ ├── aws-elasticache-automatic-backup-not-enabled.yaml │ │ ├── aws-qldb-inadequate-ledger-permissions-mode.tf │ │ ├── aws-qldb-inadequate-ledger-permissions-mode.yaml │ │ ├── aws-rds-cluster-iam-authentication-not-enabled.tf │ │ ├── aws-rds-cluster-iam-authentication-not-enabled.yaml │ │ ├── aws-rds-iam-authentication-not-enabled.tf │ │ ├── aws-rds-iam-authentication-not-enabled.yaml │ │ ├── aws-rds-multiaz-not-enabled.tf │ │ ├── aws-rds-multiaz-not-enabled.yaml │ │ ├── aws-s3-bucket-versioning-not-enabled.tf │ │ ├── aws-s3-bucket-versioning-not-enabled.yaml │ │ ├── aws-s3-object-lock-not-enabled.tf │ │ ├── aws-s3-object-lock-not-enabled.yaml │ │ ├── missing-alb-drop-http-headers.tf │ │ ├── missing-alb-drop-http-headers.yaml │ │ ├── missing-api-gateway-cache-cluster.tf │ │ ├── missing-api-gateway-cache-cluster.yaml │ │ ├── missing-autoscaling-group-tags.tf │ │ ├── missing-autoscaling-group-tags.yaml │ │ ├── missing-aws-autoscaling-tags.tf │ │ ├── missing-aws-autoscaling-tags.yaml │ │ ├── missing-aws-cross-zone-lb.tf │ │ ├── missing-aws-cross-zone-lb.yaml │ │ ├── missing-aws-lb-deletion-protection.tf │ │ ├── missing-aws-lb-deletion-protection.yaml │ │ ├── missing-aws-qldb-deletion-protection.tf │ │ ├── missing-aws-qldb-deletion-protection.yaml │ │ ├── missing-cloudwatch-log-group-kms-key.tf │ │ ├── missing-cloudwatch-log-group-kms-key.yaml │ │ ├── missing-cloudwatch-log-group-retention.tf │ │ └── missing-cloudwatch-log-group-retention.yaml │ ├── correctness │ │ ├── lambda-permission-logs-missing-arn-asterisk.tf │ │ ├── lambda-permission-logs-missing-arn-asterisk.yaml │ │ ├── lambda-redundant-field-with-image.tf │ │ ├── lambda-redundant-field-with-image.yaml │ │ ├── reserved-aws-lambda-environment-variable.tf │ │ ├── reserved-aws-lambda-environment-variable.yaml │ │ ├── subscription-filter-missing-depends.tf │ │ └── subscription-filter-missing-depends.yaml │ └── security │ │ ├── aws-athena-client-can-disable-workgroup-encryption.tf │ │ ├── aws-athena-client-can-disable-workgroup-encryption.yaml │ │ ├── aws-athena-database-unencrypted.tf │ │ ├── aws-athena-database-unencrypted.yaml │ │ ├── aws-athena-workgroup-unencrypted.tf │ │ ├── aws-athena-workgroup-unencrypted.yaml │ │ ├── aws-backup-vault-unencrypted.tf │ │ ├── aws-backup-vault-unencrypted.yaml │ │ ├── aws-cloudfront-insecure-tls.tf │ │ ├── aws-cloudfront-insecure-tls.yaml │ │ ├── aws-cloudtrail-encrypted-with-cmk.tf │ │ ├── aws-cloudtrail-encrypted-with-cmk.yaml │ │ ├── aws-cloudwatch-log-group-no-retention.tf │ │ ├── aws-cloudwatch-log-group-no-retention.yaml │ │ ├── aws-cloudwatch-log-group-unencrypted.tf │ │ ├── aws-cloudwatch-log-group-unencrypted.yaml │ │ ├── aws-codebuild-artifacts-unencrypted.tf │ │ ├── aws-codebuild-artifacts-unencrypted.yaml │ │ ├── aws-codebuild-project-artifacts-unencrypted.tf │ │ ├── aws-codebuild-project-artifacts-unencrypted.yaml │ │ ├── aws-codebuild-project-unencrypted.tf │ │ ├── aws-codebuild-project-unencrypted.yaml │ │ ├── aws-config-aggregator-not-all-regions.tf │ │ ├── aws-config-aggregator-not-all-regions.yaml │ │ ├── aws-db-instance-no-logging.tf │ │ ├── aws-db-instance-no-logging.yaml │ │ ├── aws-docdb-encrypted-with-cmk.tf │ │ ├── aws-docdb-encrypted-with-cmk.yaml │ │ ├── aws-documentdb-auditing-disabled.tf │ │ ├── aws-documentdb-auditing-disabled.yaml │ │ ├── aws-documentdb-storage-unencrypted.tf │ │ ├── aws-documentdb-storage-unencrypted.yaml │ │ ├── aws-dynamodb-point-in-time-recovery-disabled.tf │ │ ├── aws-dynamodb-point-in-time-recovery-disabled.yaml │ │ ├── aws-dynamodb-table-unencrypted.tf │ │ ├── aws-dynamodb-table-unencrypted.yaml │ │ ├── aws-ebs-snapshot-encrypted-with-cmk.tf │ │ ├── aws-ebs-snapshot-encrypted-with-cmk.yaml │ │ ├── aws-ebs-unencrypted.tf │ │ ├── aws-ebs-unencrypted.yaml │ │ ├── aws-ebs-volume-encrypted-with-cmk.tf │ │ ├── aws-ebs-volume-encrypted-with-cmk.yaml │ │ ├── aws-ebs-volume-unencrypted.tf │ │ ├── aws-ebs-volume-unencrypted.yaml │ │ ├── aws-ec2-has-public-ip.tf │ │ ├── aws-ec2-has-public-ip.yaml │ │ ├── aws-ec2-launch-configuration-ebs-block-device-unencrypted.tf │ │ ├── aws-ec2-launch-configuration-ebs-block-device-unencrypted.yaml │ │ ├── aws-ec2-launch-configuration-root-block-device-unencrypted.tf │ │ ├── aws-ec2-launch-configuration-root-block-device-unencrypted.yml │ │ ├── aws-ec2-launch-template-metadata-service-v1-enabled.tf │ │ ├── aws-ec2-launch-template-metadata-service-v1-enabled.yaml │ │ ├── aws-ec2-security-group-allows-public-ingress.tf │ │ ├── aws-ec2-security-group-allows-public-ingress.yaml │ │ ├── aws-ec2-security-group-rule-missing-description.tf │ │ ├── aws-ec2-security-group-rule-missing-description.yaml │ │ ├── aws-ecr-image-scanning-disabled.tf │ │ ├── aws-ecr-image-scanning-disabled.yaml │ │ ├── aws-ecr-mutable-image-tags.tf │ │ ├── aws-ecr-mutable-image-tags.yaml │ │ ├── aws-ecr-repository-wildcard-principal.tf │ │ ├── aws-ecr-repository-wildcard-principal.yaml │ │ ├── aws-efs-filesystem-encrypted-with-cmk.tf │ │ ├── aws-efs-filesystem-encrypted-with-cmk.yaml │ │ ├── aws-elasticsearch-insecure-tls-version.tf │ │ ├── aws-elasticsearch-insecure-tls-version.yaml │ │ ├── aws-elasticsearch-nodetonode-encryption.tf │ │ ├── aws-elasticsearch-nodetonode-encryption.yaml │ │ ├── aws-elb-access-logs-not-enabled.tf │ │ ├── aws-elb-access-logs-not-enabled.yaml │ │ ├── aws-emr-encrypted-with-cmk.tf │ │ ├── aws-emr-encrypted-with-cmk.yaml │ │ ├── aws-fsx-lustre-file-system.tf │ │ ├── aws-fsx-lustre-files-ystem.yaml │ │ ├── aws-fsx-lustre-filesystem-encrypted-with-cmk.tf │ │ ├── aws-fsx-lustre-filesystem-encrypted-with-cmk.yaml │ │ ├── aws-fsx-ontapfs-encrypted-with-cmk.tf │ │ ├── aws-fsx-ontapfs-encrypted-with-cmk.yaml │ │ ├── aws-fsx-windows-encrypted-with-cmk.tf │ │ ├── aws-fsx-windows-encrypted-with-cmk.yaml │ │ ├── aws-glacier-vault-any-principal.tf │ │ ├── aws-glacier-vault-any-principal.yaml │ │ ├── aws-iam-admin-policy-ssoadmin.tf │ │ ├── aws-iam-admin-policy-ssoadmin.yaml │ │ ├── aws-iam-admin-policy.tf │ │ ├── aws-iam-admin-policy.yaml │ │ ├── aws-imagebuilder-component-encrypted-with-cmk.tf │ │ ├── aws-imagebuilder-component-encrypted-with-cmk.yaml │ │ ├── aws-insecure-api-gateway-tls-version.tf │ │ ├── aws-insecure-api-gateway-tls-version.yaml │ │ ├── aws-insecure-redshift-ssl-configuration.tf │ │ ├── aws-insecure-redshift-ssl-configuration.yaml │ │ ├── aws-kinesis-stream-encrypted-with-cmk.tf │ │ ├── aws-kinesis-stream-encrypted-with-cmk.yaml │ │ ├── aws-kinesis-stream-unencrypted.tf │ │ ├── aws-kinesis-stream-unencrypted.yaml │ │ ├── aws-kinesis-video-stream-encrypted-with-cmk.tf │ │ ├── aws-kinesis-video-stream-encrypted-with-cmk.yaml │ │ ├── aws-kms-key-wildcard-principal.tf │ │ ├── aws-kms-key-wildcard-principal.yaml │ │ ├── aws-kms-no-rotation.tf │ │ ├── aws-kms-no-rotation.yaml │ │ ├── aws-lambda-environment-credentials.tf │ │ ├── aws-lambda-environment-credentials.yaml │ │ ├── aws-lambda-environment-unencrypted.tf │ │ ├── aws-lambda-environment-unencrypted.yaml │ │ ├── aws-lambda-permission-unrestricted-source-arn.tf │ │ ├── aws-lambda-permission-unrestricted-source-arn.yaml │ │ ├── aws-lambda-x-ray-tracing-not-active.tf │ │ ├── aws-lambda-x-ray-tracing-not-active.yaml │ │ ├── aws-network-acl-allows-all-ports.tf │ │ ├── aws-network-acl-allows-all-ports.yaml │ │ ├── aws-network-acl-allows-public-ingress.tf │ │ ├── aws-network-acl-allows-public-ingress.yaml │ │ ├── aws-opensearchserverless-encrypted-with-cmk.tf │ │ ├── aws-opensearchserverless-encrypted-with-cmk.yaml │ │ ├── aws-provider-static-credentials.tf │ │ ├── aws-provider-static-credentials.yaml │ │ ├── aws-provisioner-exec.tf │ │ ├── aws-provisioner-exec.yaml │ │ ├── aws-rds-backup-no-retention.tf │ │ ├── aws-rds-backup-no-retention.yaml │ │ ├── aws-redshift-cluster-encrypted-with-cmk.tf │ │ ├── aws-redshift-cluster-encrypted-with-cmk.yaml │ │ ├── aws-s3-bucket-object-encrypted-with-cmk.tf │ │ ├── aws-s3-bucket-object-encrypted-with-cmk.yaml │ │ ├── aws-s3-object-copy-encrypted-with-cmk.tf │ │ ├── aws-s3-object-copy-encrypted-with-cmk.yaml │ │ ├── aws-sagemaker-domain-encrypted-with-cmk.tf │ │ ├── aws-sagemaker-domain-encrypted-with-cmk.yaml │ │ ├── aws-secretsmanager-secret-unencrypted.tf │ │ ├── aws-secretsmanager-secret-unencrypted.yaml │ │ ├── aws-sns-topic-unencrypted.tf │ │ ├── aws-sns-topic-unencrypted.yaml │ │ ├── aws-sqs-queue-policy-wildcard-action.tf │ │ ├── aws-sqs-queue-policy-wildcard-action.yaml │ │ ├── aws-sqs-queue-policy-wildcard-principal.tf │ │ ├── aws-sqs-queue-policy-wildcard-principal.yaml │ │ ├── aws-sqs-queue-unencrypted.tf │ │ ├── aws-sqs-queue-unencrypted.yaml │ │ ├── aws-ssm-document-logging-issues.tf │ │ ├── aws-ssm-document-logging-issues.yaml │ │ ├── aws-subnet-has-public-ip-address.tf │ │ ├── aws-subnet-has-public-ip-address.yaml │ │ ├── aws-timestream-database-encrypted-with-cmk.tf │ │ ├── aws-timestream-database-encrypted-with-cmk.yaml │ │ ├── aws-transfer-server-is-public.tf │ │ ├── aws-transfer-server-is-public.yaml │ │ ├── aws-workspaces-root-volume-unencrypted.tf │ │ ├── aws-workspaces-root-volume-unencrypted.yaml │ │ ├── aws-workspaces-user-volume-unencrypted.tf │ │ ├── aws-workspaces-user-volume-unencrypted.yaml │ │ ├── insecure-load-balancer-tls-version.tf │ │ ├── insecure-load-balancer-tls-version.yaml │ │ ├── missing-athena-workgroup-encryption.tf │ │ ├── missing-athena-workgroup-encryption.yaml │ │ ├── unrestricted-github-oidc-policy.tf │ │ ├── unrestricted-github-oidc-policy.yaml │ │ ├── wildcard-assume-role.tf │ │ └── wildcard-assume-role.yaml ├── azure │ ├── best-practice │ │ ├── azure-ad-used-auth-service-fabric.tf │ │ ├── azure-ad-used-auth-service-fabric.yaml │ │ ├── azure-aks-uses-azure-policies-addon.tf │ │ ├── azure-aks-uses-azure-policies-addon.yaml │ │ ├── azure-appgateway-enables-waf.tf │ │ ├── azure-appgateway-enables-waf.yaml │ │ ├── azure-appservice-dotnet-framework-version.tf │ │ ├── azure-appservice-dotnet-framework-version.yaml │ │ ├── azure-appservice-ftps-state.tf │ │ ├── azure-appservice-ftps-state.yaml │ │ ├── azure-appservice-https-20-enabled.tf │ │ ├── azure-appservice-https-20-enabled.yaml │ │ ├── azure-appservice-java-version.tf │ │ ├── azure-appservice-java-version.yaml │ │ ├── azure-appservice-php-version.tf │ │ ├── azure-appservice-php-version.yaml │ │ ├── azure-appservice-python-version.tf │ │ ├── azure-appservice-python-version.yaml │ │ ├── azure-appservice-used-azure-files.tf │ │ ├── azure-appservice-used-azure-files.yaml │ │ ├── azure-defenderon-appservices.tf │ │ ├── azure-defenderon-appservices.yaml │ │ ├── azure-defenderon-container-registry.tf │ │ ├── azure-defenderon-container-registry.yaml │ │ ├── azure-defenderon-keyvaults.tf │ │ ├── azure-defenderon-keyvaults.yaml │ │ ├── azure-defenderon-kubernetes.tf │ │ ├── azure-defenderon-kubernetes.yaml │ │ ├── azure-defenderon-servers.tf │ │ ├── azure-defenderon-servers.yaml │ │ ├── azure-defenderon-sqlservers-vms.tf │ │ ├── azure-defenderon-sqlservers-vms.yaml │ │ ├── azure-defenderon-sqlservers.tf │ │ ├── azure-defenderon-sqlservers.yaml │ │ ├── azure-defenderon-storage.tf │ │ ├── azure-defenderon-storage.yaml │ │ ├── azure-frontdoor-enables-waf.tf │ │ ├── azure-frontdoor-enables-waf.yaml │ │ ├── azure-frontdoor-use-wafmode.tf │ │ ├── azure-frontdoor-use-wafmode.yaml │ │ ├── azure-functionapp-http-version-latest.tf │ │ ├── azure-functionapp-http-version-latest.yaml │ │ ├── azure-functionapps-accessible-over-https.tf │ │ ├── azure-functionapps-accessible-over-https.yaml │ │ ├── azure-keyvault-enables-firewall-rules-settings.tf │ │ ├── azure-keyvault-enables-firewall-rules-settings.yaml │ │ ├── azure-keyvault-enables-purge-protection.tf │ │ ├── azure-keyvault-enables-purge-protection.yaml │ │ ├── azure-keyvault-enables-soft-delete.tf │ │ ├── azure-keyvault-enables-soft-delete.yaml │ │ ├── azure-keyvault-recovery-enabled.tf │ │ ├── azure-keyvault-recovery-enabled.yaml │ │ ├── azure-mariadb-geo-backup-enabled.tf │ │ ├── azure-mariadb-geo-backup-enabled.yaml │ │ ├── azure-mariadb-sslenforcement-enabled.tf │ │ ├── azure-mariadb-sslenforcement-enabled.yaml │ │ ├── azure-monitor-log-profile-categories.tf │ │ ├── azure-monitor-log-profile-categories.yaml │ │ ├── azure-monitor-log-profile-retention-days.tf │ │ ├── azure-monitor-log-profile-retention-days.yaml │ │ ├── azure-mysql-geo-backup-enabled.tf │ │ ├── azure-mysql-geo-backup-enabled.yaml │ │ ├── azure-mysql-server-tlsenforcement-enabled.tf │ │ ├── azure-mysql-server-tlsenforcement-enabled.yaml │ │ ├── azure-mysql-threat-detection-enabled.tf │ │ ├── azure-mysql-threat-detection-enabled.yaml │ │ ├── azure-networkinterface-enable-ip-forwarding.tf │ │ ├── azure-networkinterface-enable-ip-forwarding.yaml │ │ ├── azure-postgresql-flexi-server-geo-backup-enabled.tf │ │ ├── azure-postgresql-flexi-server-geo-backup-enabled.yaml │ │ ├── azure-postgresql-geo-backup-enabled.tf │ │ ├── azure-postgresql-geo-backup-enabled.yaml │ │ ├── azure-postgresql-server-connection-throttling-enabled.tf │ │ ├── azure-postgresql-server-connection-throttling-enabled.yaml │ │ ├── azure-postgresql-server-log-checkpoint-enabled.tf │ │ ├── azure-postgresql-server-log-checkpoint-enabled.yaml │ │ ├── azure-postgresql-server-log-connections-enabled.tf │ │ ├── azure-postgresql-server-log-connections-enabled.yaml │ │ ├── azure-postgresql-ssl-enforcement-enabled.tf │ │ ├── azure-postgresql-ssl-enforcement-enabled.yaml │ │ ├── azure-postgresql-threat-detection-enabled.tf │ │ ├── azure-postgresql-threat-detection-enabled.yaml │ │ ├── azure-secret-content-type.tf │ │ ├── azure-secret-content-type.yaml │ │ ├── azure-secret-expiration-date.tf │ │ ├── azure-secret-expiration-date.yaml │ │ ├── azure-securitcenter-email-alert.tf │ │ ├── azure-securitcenter-email-alert.yaml │ │ ├── azure-securitycenter-contact-emails.tf │ │ ├── azure-securitycenter-contact-emails.yaml │ │ ├── azure-securitycenter-contact-phone.tf │ │ ├── azure-securitycenter-contact-phone.yaml │ │ ├── azure-securitycenter-email-alert-admins.tf │ │ ├── azure-securitycenter-email-alert-admins.yaml │ │ ├── azure-securitycenter-standard-pricing.tf │ │ ├── azure-securitycenter-standard-pricing.yaml │ │ ├── azure-sqlserver-email-alerts-enabled.tf │ │ ├── azure-sqlserver-email-alerts-enabled.yaml │ │ ├── azure-sqlserver-email-alerts-toadmins-enabled.tf │ │ ├── azure-sqlserver-email-alerts-toadmins-enabled.yaml │ │ ├── azure-sqlserver-threat-detection-types.tf │ │ ├── azure-sqlserver-threat-detection-types.yaml │ │ ├── azure-storage-account-enables-secure-transfer.tf │ │ ├── azure-storage-account-enables-secure-transfer.yaml │ │ ├── azure-synapse-workscape-enables-managed-virtual-network.tf │ │ ├── azure-synapse-workscape-enables-managed-virtual-network.yaml │ │ ├── azure-vmscale-sets-auto-os-image-patching-enabled.tf │ │ ├── azure-vmscale-sets-auto-os-image-patching-enabled.yaml │ │ ├── azure-waf-specificed-mode-app-gw.tf │ │ └── azure-waf-specificed-mode-app-gw.yaml │ └── security │ │ ├── aks │ │ ├── azure-aks-apiserver-auth-ip-ranges.tf │ │ ├── azure-aks-apiserver-auth-ip-ranges.yaml │ │ ├── azure-aks-private-clusters-enabled.tf │ │ ├── azure-aks-private-clusters-enabled.yaml │ │ ├── azure-aks-uses-disk-encryptionset.tf │ │ └── azure-aks-uses-disk-encryptionset.yaml │ │ ├── apiservice │ │ ├── azure-apiservices-use-virtualnetwork.tf │ │ └── azure-apiservices-use-virtualnetwork.yaml │ │ ├── appservice │ │ ├── appservice-account-identity-registered.tf │ │ ├── appservice-account-identity-registered.yaml │ │ ├── appservice-authentication-enabled.tf │ │ ├── appservice-authentication-enabled.yaml │ │ ├── appservice-enable-http2.tf │ │ ├── appservice-enable-http2.yaml │ │ ├── appservice-enable-https-only.tf │ │ ├── appservice-enable-https-only.yaml │ │ ├── appservice-require-client-cert.tf │ │ ├── appservice-require-client-cert.yaml │ │ ├── appservice-use-secure-tls-policy.tf │ │ ├── appservice-use-secure-tls-policy.yaml │ │ ├── azure-appservice-auth.tf │ │ ├── azure-appservice-auth.yaml │ │ ├── azure-appservice-client-certificate.tf │ │ ├── azure-appservice-client-certificate.yaml │ │ ├── azure-appservice-detailed-errormessages-enabled.tf │ │ ├── azure-appservice-detailed-errormessages-enabled.yaml │ │ ├── azure-appservice-disallowed-cors.tf │ │ ├── azure-appservice-disallowed-cors.yaml │ │ ├── azure-appservice-enabled-failed-request.tf │ │ ├── azure-appservice-enabled-failed-request.yaml │ │ ├── azure-appservice-http-logging-enabled.tf │ │ ├── azure-appservice-http-logging-enabled.yaml │ │ ├── azure-appservice-https-only.tf │ │ ├── azure-appservice-https-only.yaml │ │ ├── azure-appservice-identity.tf │ │ ├── azure-appservice-identity.yaml │ │ ├── azure-appservice-identityprovider-enabled.tf │ │ ├── azure-appservice-identityprovider-enabled.yaml │ │ ├── azure-appservice-min-tls-version.tf │ │ └── azure-appservice-min-tls-version.yaml │ │ ├── azure-automation-encrypted.tf │ │ ├── azure-automation-encrypted.yaml │ │ ├── azure-batchaccount-uses-keyvault-encrpytion.tf │ │ ├── azure-batchaccount-uses-keyvault-encrpytion.yaml │ │ ├── azure-cognitiveservices-disables-public-network.tf │ │ ├── azure-cognitiveservices-disables-public-network.yaml │ │ ├── azure-containergroup-deployed-into-virtualnetwork.tf │ │ ├── azure-containergroup-deployed-into-virtualnetwork.yaml │ │ ├── azure-cosmosdb-accounts-restricted-access.tf │ │ ├── azure-cosmosdb-accounts-restricted-access.yaml │ │ ├── azure-cosmosdb-disable-access-key-write.tf │ │ ├── azure-cosmosdb-disable-access-key-write.yaml │ │ ├── azure-cosmosdb-disables-public-network.tf │ │ ├── azure-cosmosdb-disables-public-network.yaml │ │ ├── azure-cosmosdb-have-cmk.tf │ │ ├── azure-cosmosdb-have-cmk.yaml │ │ ├── azure-customrole-definition-subscription-owner.tf │ │ ├── azure-customrole-definition-subscription-owner.yaml │ │ ├── azure-dataexplorer-double-encryption-enabled.tf │ │ ├── azure-dataexplorer-double-encryption-enabled.yaml │ │ ├── azure-dataexplorer-uses-disk-encryption.tf │ │ ├── azure-dataexplorer-uses-disk-encryption.yaml │ │ ├── azure-datafactory-no-public-network-access.tf │ │ ├── azure-datafactory-no-public-network-access.yaml │ │ ├── azure-datafactory-uses-git-repository.tf │ │ ├── azure-datafactory-uses-git-repository.yaml │ │ ├── azure-datalake-store-encryption.tf │ │ ├── azure-datalake-store-encryption.yaml │ │ ├── azure-eventgrid-domain-network-access.tf │ │ ├── azure-eventgrid-domain-network-access.yaml │ │ ├── azure-functionapp-disallow-cors.tf │ │ ├── azure-functionapp-disallow-cors.yaml │ │ ├── azure-functionapps-enable-auth.tf │ │ ├── azure-functionapps-enable-auth.yaml │ │ ├── azure-instance-extensions.tf │ │ ├── azure-instance-extensions.yaml │ │ ├── azure-iot-no-public-network-access.tf │ │ ├── azure-iot-no-public-network-access.yaml │ │ ├── azure-key-backedby-hsm.tf │ │ ├── azure-key-backedby-hsm.yaml │ │ ├── azure-key-no-expiration-date.tf │ │ ├── azure-key-no-expiration-date.yaml │ │ ├── azure-managed-disk-encryption-set.tf │ │ ├── azure-managed-disk-encryption-set.yaml │ │ ├── azure-managed-disk-encryption.tf │ │ ├── azure-managed-disk-encryption.yaml │ │ ├── azure-mariadb-public-access-disabled.tf │ │ ├── azure-mariadb-public-access-disabled.yaml │ │ ├── azure-monitor-log-profile-retention-days.tf │ │ ├── azure-monitor-log-profile-retention-days.yaml │ │ ├── azure-mssql-service-mintls-version.tf │ │ ├── azure-mssql-service-mintls-version.yaml │ │ ├── azure-mysql-encryption-enabled.tf │ │ ├── azure-mysql-encryption-enabled.yaml │ │ ├── azure-mysql-mintls-version.tf │ │ ├── azure-mysql-mintls-version.yaml │ │ ├── azure-mysql-public-access-disabled.tf │ │ ├── azure-mysql-public-access-disabled.yaml │ │ ├── azure-network-watcher-flowlog-period.tf │ │ ├── azure-network-watcher-flowlog-period.yaml │ │ ├── azure-postgresql-encryption-enabled.tf │ │ ├── azure-postgresql-encryption-enabled.yaml │ │ ├── azure-postgresql-min-tls-version.tf │ │ ├── azure-postgresql-min-tls-version.yaml │ │ ├── azure-postgresql-server-public-access-disabled.tf │ │ ├── azure-postgresql-server-public-access-disabled.yaml │ │ ├── azure-redis-cache-enable-non-ssl-port.tf │ │ ├── azure-redis-cache-enable-non-ssl-port.yaml │ │ ├── azure-redis-cache-public-network-access-enabled.tf │ │ ├── azure-redis-cache-public-network-access-enabled.yaml │ │ ├── azure-remote-debugging-not-enabled.tf │ │ ├── azure-remote-debugging-not-enabled.yaml │ │ ├── azure-scale-set-password.tf │ │ ├── azure-scale-set-password.yaml │ │ ├── azure-search-publicnetwork-access-disabled.tf │ │ ├── azure-search-publicnetwork-access-disabled.yaml │ │ ├── azure-service-fabric-cluster-protection-level.tf │ │ ├── azure-service-fabric-cluster-protection-level.yaml │ │ ├── azure-sqlserver-no-public-access.tf │ │ ├── azure-sqlserver-no-public-access.yaml │ │ ├── azure-sqlserver-public-access-disabled.tf │ │ ├── azure-sqlserver-public-access-disabled.yaml │ │ ├── azure-storage-account-disable-public-access.tf │ │ ├── azure-storage-account-disable-public-access.yaml │ │ ├── azure-storage-account-minimum-tlsversion.tf │ │ ├── azure-storage-account-minimum-tlsversion.yaml │ │ ├── azure-storage-blob-service-container-private-access.tf │ │ ├── azure-storage-blob-service-container-private-access.yaml │ │ ├── azure-storage-sync-public-access-disabled.tf │ │ ├── azure-storage-sync-public-access-disabled.yaml │ │ ├── azure-vmencryption-at-host-enabled.tf │ │ ├── azure-vmencryption-at-host-enabled.yaml │ │ ├── functionapp │ │ ├── functionapp-authentication-enabled.tf │ │ ├── functionapp-authentication-enabled.yaml │ │ ├── functionapp-enable-http2.tf │ │ └── functionapp-enable-http2.yaml │ │ ├── keyvault │ │ ├── keyvault-content-type-for-secret.tf │ │ ├── keyvault-content-type-for-secret.yaml │ │ ├── keyvault-ensure-key-expires.tf │ │ ├── keyvault-ensure-key-expires.yaml │ │ ├── keyvault-ensure-secret-expires.tf │ │ ├── keyvault-ensure-secret-expires.yaml │ │ ├── keyvault-purge-enabled.tf │ │ ├── keyvault-purge-enabled.yaml │ │ ├── keyvault-specify-network-acl.tf │ │ └── keyvault-specify-network-acl.yaml │ │ └── storage │ │ ├── storage-allow-microsoft-service-bypass.tf │ │ ├── storage-allow-microsoft-service-bypass.yaml │ │ ├── storage-default-action-deny.tf │ │ ├── storage-default-action-deny.yaml │ │ ├── storage-enforce-https.tf │ │ ├── storage-enforce-https.yaml │ │ ├── storage-queue-services-logging.tf │ │ ├── storage-queue-services-logging.yaml │ │ ├── storage-use-secure-tls-policy.tf │ │ └── storage-use-secure-tls-policy.yaml ├── gcp │ ├── best-practice │ │ ├── gcp-compute-shielded-vm.tf │ │ ├── gcp-compute-shielded-vm.yaml │ │ ├── gcp-compute-template-shielded-vm.tf │ │ ├── gcp-compute-template-shielded-vm.yaml │ │ ├── gcp-dnssec-enabled.tf │ │ ├── gcp-dnssec-enabled.yaml │ │ ├── gcp-gke-alias-ip-enabled.tf │ │ ├── gcp-gke-alias-ip-enabled.yaml │ │ ├── gcp-gke-binary-authorization.tf │ │ ├── gcp-gke-binary-authorization.yaml │ │ ├── gcp-gke-enable-shielded-nodes.tf │ │ ├── gcp-gke-enable-shielded-nodes.yaml │ │ ├── gcp-gke-has-labels.tf │ │ ├── gcp-gke-has-labels.yaml │ │ ├── gcp-gke-metadata-server-enabled.tf │ │ ├── gcp-gke-metadata-server-enabled.yaml │ │ ├── gcp-gke-nodepool-auto-repair-enabled.tf │ │ ├── gcp-gke-nodepool-auto-repair-enabled.yaml │ │ ├── gcp-gke-nodepool-auto-upgrade-enabled.tf │ │ ├── gcp-gke-nodepool-auto-upgrade-enabled.yaml │ │ ├── gcp-gke-nodepool-metadata-server-enabled.tf │ │ ├── gcp-gke-nodepool-metadata-server-enabled.yaml │ │ ├── gcp-gke-nodepool-secure-boot-for-shielded-nodes.tf │ │ ├── gcp-gke-nodepool-secure-boot-for-shielded-nodes.yaml │ │ ├── gcp-gke-sql-backup-configuration-enabled.tf │ │ ├── gcp-gke-sql-backup-configuration-enabled.yaml │ │ ├── gcp-gke-use-cos-image.tf │ │ ├── gcp-gke-use-cos-image.yaml │ │ ├── gcp-ipv6-private-google-enabled.tf │ │ ├── gcp-ipv6-private-google-enabled.yaml │ │ ├── gcp-mysql-local-in-file-off.tf │ │ ├── gcp-mysql-local-in-file-off.yaml │ │ ├── gcp-postgresql-log-checkpoints.tf │ │ ├── gcp-postgresql-log-checkpoints.yaml │ │ ├── gcp-postgresql-log-connection.tf │ │ ├── gcp-postgresql-log-connection.yaml │ │ ├── gcp-postgresql-log-disconnection.tf │ │ ├── gcp-postgresql-log-disconnection.yaml │ │ ├── gcp-postgresql-log-lock-waits.tf │ │ ├── gcp-postgresql-log-lock-waits.yaml │ │ ├── gcp-postgresql-log-min-duration.tf │ │ ├── gcp-postgresql-log-min-duration.yaml │ │ ├── gcp-postgresql-log-min-message.tf │ │ ├── gcp-postgresql-log-min-message.yaml │ │ ├── gcp-postgresql-log-temp.tf │ │ ├── gcp-postgresql-log-temp.yaml │ │ ├── gcp-storage-versioning-enabled.tf │ │ └── gcp-storage-versioning-enabled.yaml │ └── security │ │ ├── gcp-artifact-registry-encrypted-with-cmk.tf │ │ ├── gcp-artifact-registry-encrypted-with-cmk.yaml │ │ ├── gcp-artifact-registry-private-repo-iam-binding.tf │ │ ├── gcp-artifact-registry-private-repo-iam-binding.yaml │ │ ├── gcp-artifact-registry-private-repo-iam-member.tf │ │ ├── gcp-artifact-registry-private-repo-iam-member.yaml │ │ ├── gcp-bigquery-dataset-encrypted-with-cmk.tf │ │ ├── gcp-bigquery-dataset-encrypted-with-cmk.yaml │ │ ├── gcp-bigquery-private-table-iam-binding.tf │ │ ├── gcp-bigquery-private-table-iam-binding.yaml │ │ ├── gcp-bigquery-private-table-iam-member.tf │ │ ├── gcp-bigquery-private-table-iam-member.yaml │ │ ├── gcp-bigquery-table-encrypted-with-cmk.tf │ │ ├── gcp-bigquery-table-encrypted-with-cmk.yaml │ │ ├── gcp-bigtable-instance-encrypted-with-cmk.tf │ │ ├── gcp-bigtable-instance-encrypted-with-cmk.yaml │ │ ├── gcp-build-workers-private.tf │ │ ├── gcp-build-workers-private.yaml │ │ ├── gcp-cloud-storage-logging.tf │ │ ├── gcp-cloud-storage-logging.yaml │ │ ├── gcp-compute-boot-disk-encryption.tf │ │ ├── gcp-compute-boot-disk-encryption.yaml │ │ ├── gcp-compute-disk-encryption.tf │ │ ├── gcp-compute-disk-encryption.yaml │ │ ├── gcp-compute-firewall-unrestricted-ingress-20.tf │ │ ├── gcp-compute-firewall-unrestricted-ingress-20.yaml │ │ ├── gcp-compute-firewall-unrestricted-ingress-21.tf │ │ ├── gcp-compute-firewall-unrestricted-ingress-21.yaml │ │ ├── gcp-compute-firewall-unrestricted-ingress-22.tf │ │ ├── gcp-compute-firewall-unrestricted-ingress-22.yaml │ │ ├── gcp-compute-firewall-unrestricted-ingress-3306.tf │ │ ├── gcp-compute-firewall-unrestricted-ingress-3306.yaml │ │ ├── gcp-compute-firewall-unrestricted-ingress-3389.tf │ │ ├── gcp-compute-firewall-unrestricted-ingress-3389.yaml │ │ ├── gcp-compute-firewall-unrestricted-ingress-80.tf │ │ ├── gcp-compute-firewall-unrestricted-ingress-80.yaml │ │ ├── gcp-compute-ip-forward.tf │ │ ├── gcp-compute-ip-forward.yaml │ │ ├── gcp-compute-os-login.tf │ │ ├── gcp-compute-os-login.yaml │ │ ├── gcp-compute-project-os-login.tf │ │ ├── gcp-compute-project-os-login.yaml │ │ ├── gcp-compute-public-ip.tf │ │ ├── gcp-compute-public-ip.yaml │ │ ├── gcp-compute-serial-ports.tf │ │ ├── gcp-compute-serial-ports.yaml │ │ ├── gcp-compute-ssl-policy.tf │ │ ├── gcp-compute-ssl-policy.yaml │ │ ├── gcp-compute-template-ip-forward.tf │ │ ├── gcp-compute-template-ip-forward.yaml │ │ ├── gcp-compute-template-public-ip.tf │ │ ├── gcp-compute-template-public-ip.yaml │ │ ├── gcp-dataflow-job-encrypted-with-cmk.tf │ │ ├── gcp-dataflow-job-encrypted-with-cmk.yaml │ │ ├── gcp-dataflow-private-job.tf │ │ ├── gcp-dataflow-private-job.yaml │ │ ├── gcp-datafusion-private-instance.tf │ │ ├── gcp-datafusion-private-instance.yaml │ │ ├── gcp-datafusion-stack-driver-logging.tf │ │ ├── gcp-datafusion-stack-driver-logging.yaml │ │ ├── gcp-datafusion-stack-driver-monitoring.tf │ │ ├── gcp-datafusion-stack-driver-monitoring.yaml │ │ ├── gcp-dataproc-cluster-encrypted-with-cmk.tf │ │ ├── gcp-dataproc-cluster-encrypted-with-cmk.yaml │ │ ├── gcp-dataproc-cluster-public-ip.tf │ │ ├── gcp-dataproc-cluster-public-ip.yaml │ │ ├── gcp-dataproc-private-cluster-iam-binding.tf │ │ ├── gcp-dataproc-private-cluster-iam-binding.yaml │ │ ├── gcp-dataproc-private-cluster-iam-member.tf │ │ ├── gcp-dataproc-private-cluster-iam-member.yaml │ │ ├── gcp-dns-key-specs-rsasha1.tf │ │ ├── gcp-dns-key-specs-rsasha1.yaml │ │ ├── gcp-folder-impersonation-roles-iam-binding.tf │ │ ├── gcp-folder-impersonation-roles-iam-binding.yaml │ │ ├── gcp-folder-impersonation-roles-iam-member.tf │ │ ├── gcp-folder-impersonation-roles-iam-member.yaml │ │ ├── gcp-folder-member-default-service-account-iam-binding.tf │ │ ├── gcp-folder-member-default-service-account-iam-binding.yaml │ │ ├── gcp-folder-member-default-service-account-iam-member.tf │ │ ├── gcp-folder-member-default-service-account-iam-member.yaml │ │ ├── gcp-gke-basic-auth.tf │ │ ├── gcp-gke-basic-auth.yaml │ │ ├── gcp-gke-client-certificate-disabled.tf │ │ ├── gcp-gke-client-certificate-disabled.yaml │ │ ├── gcp-gke-cluster-logging.tf │ │ ├── gcp-gke-cluster-logging.yaml │ │ ├── gcp-gke-enabled-vpc-flow-logs.tf │ │ ├── gcp-gke-enabled-vpc-flow-logs.yaml │ │ ├── gcp-gke-ensure-integrity-monitoring.tf │ │ ├── gcp-gke-ensure-integrity-monitoring.yaml │ │ ├── gcp-gke-kubernetes-rbac-google-groups.tf │ │ ├── gcp-gke-kubernetes-rbac-google-groups.yaml │ │ ├── gcp-gke-legacy-auth-enabled.tf │ │ ├── gcp-gke-legacy-auth-enabled.yaml │ │ ├── gcp-gke-legacy-instance-metadata-disabled.tf │ │ ├── gcp-gke-legacy-instance-metadata-disabled.yaml │ │ ├── gcp-gke-master-authz-networks-enabled.tf │ │ ├── gcp-gke-master-authz-networks-enabled.yaml │ │ ├── gcp-gke-monitoring-enabled.tf │ │ ├── gcp-gke-monitoring-enabled.yaml │ │ ├── gcp-gke-network-policy-enabled.tf │ │ ├── gcp-gke-network-policy-enabled.yaml │ │ ├── gcp-gke-nodepool-integrity-monitoring.tf │ │ ├── gcp-gke-nodepool-integrity-monitoring.yaml │ │ ├── gcp-gke-pod-security-policy-enabled.tf │ │ ├── gcp-gke-pod-security-policy-enabled.yaml │ │ ├── gcp-gke-private-cluster-config.tf │ │ ├── gcp-gke-private-cluster-config.yaml │ │ ├── gcp-gke-public-control-plane.tf │ │ ├── gcp-gke-public-control-plane.yaml │ │ ├── gcp-gke-secure-boot-for-shielded-nodes.tf │ │ ├── gcp-gke-secure-boot-for-shielded-nodes.yaml │ │ ├── gcp-insecure-load-balancer-tls-version.tf │ │ ├── gcp-insecure-load-balancer-tls-version.yaml │ │ ├── gcp-kms-prevent-destroy.tf │ │ ├── gcp-kms-prevent-destroy.yaml │ │ ├── gcp-memory-store-for-redis-auth-enabled.tf │ │ ├── gcp-memory-store-for-redis-auth-enabled.yaml │ │ ├── gcp-memory-store-for-redis-intransit-encryption.tf │ │ ├── gcp-memory-store-for-redis-intransit-encryption.yaml │ │ ├── gcp-org-impersonation-roles-iam-binding.tf │ │ ├── gcp-org-impersonation-roles-iam-binding.yaml │ │ ├── gcp-org-impersonation-roles-iam-member.tf │ │ ├── gcp-org-impersonation-roles-iam-member.yaml │ │ ├── gcp-org-member-default-service-account-iam-binding.tf │ │ ├── gcp-org-member-default-service-account-iam-binding.yaml │ │ ├── gcp-org-member-default-service-account-iam-member.tf │ │ ├── gcp-org-member-default-service-account-iam-member.yaml │ │ ├── gcp-project-default-network.tf │ │ ├── gcp-project-default-network.yaml │ │ ├── gcp-project-member-default-service-account-iam-binding.tf │ │ ├── gcp-project-member-default-service-account-iam-binding.yaml │ │ ├── gcp-project-member-default-service-account-iam-member.tf │ │ ├── gcp-project-member-default-service-account-iam-member.yaml │ │ ├── gcp-project-service-account-user-iam-binding.tf │ │ ├── gcp-project-service-account-user-iam-binding.yaml │ │ ├── gcp-project-service-account-user-iam-member.tf │ │ ├── gcp-project-service-account-user-iam-member.yaml │ │ ├── gcp-pubsub-encrypted-with-cmk.tf │ │ ├── gcp-pubsub-encrypted-with-cmk.yaml │ │ ├── gcp-pubsub-private-topic-iam-binding.tf │ │ ├── gcp-pubsub-private-topic-iam-binding.yaml │ │ ├── gcp-pubsub-private-topic-iam-member.tf │ │ ├── gcp-pubsub-private-topic-iam-member.yaml │ │ ├── gcp-run-private-service-iam-binding.tf │ │ ├── gcp-run-private-service-iam-binding.yaml │ │ ├── gcp-run-private-service-iam-member.tf │ │ ├── gcp-run-private-service-iam-member.yaml │ │ ├── gcp-spanner-database-encrypted-with-cmk.tf │ │ ├── gcp-spanner-database-encrypted-with-cmk.yaml │ │ ├── gcp-sql-database-require-ssl.tf │ │ ├── gcp-sql-database-require-ssl.yaml │ │ ├── gcp-sql-database-ssl-insecure-value-postgres-mysql.fixed.tf │ │ ├── gcp-sql-database-ssl-insecure-value-postgres-mysql.tf │ │ ├── gcp-sql-database-ssl-insecure-value-postgres-mysql.yaml │ │ ├── gcp-sql-database-ssl-insecure-value-sqlserver.fixed.tf │ │ ├── gcp-sql-database-ssl-insecure-value-sqlserver.tf │ │ ├── gcp-sql-database-ssl-insecure-value-sqlserver.yaml │ │ ├── gcp-sql-public-database.tf │ │ ├── gcp-sql-public-database.yaml │ │ ├── gcp-sqlserver-no-public-ip.tf │ │ ├── gcp-sqlserver-no-public-ip.yaml │ │ ├── gcp-storage-bucket-not-public-iam-binding.tf │ │ ├── gcp-storage-bucket-not-public-iam-binding.yaml │ │ ├── gcp-storage-bucket-not-public-iam-member.tf │ │ ├── gcp-storage-bucket-not-public-iam-member.yaml │ │ ├── gcp-storage-bucket-uniform-access.tf │ │ ├── gcp-storage-bucket-uniform-access.yaml │ │ ├── gcp-sub-network-logging-enabled.tf │ │ ├── gcp-sub-network-logging-enabled.yaml │ │ ├── gcp-sub-network-private-google-enabled.tf │ │ ├── gcp-sub-network-private-google-enabled.yaml │ │ ├── gcp-vertexai-dataset-encrypted-with-cmk.tf │ │ ├── gcp-vertexai-dataset-encrypted-with-cmk.yaml │ │ ├── gcp-vertexai-metadata-store-encrypted-with-cmk.tf │ │ ├── gcp-vertexai-metadata-store-encrypted-with-cmk.yaml │ │ ├── gcp-vertexai-private-instance.tf │ │ └── gcp-vertexai-private-instance.yaml └── lang │ └── security │ ├── ec2-imdsv1-optional.tf │ ├── ec2-imdsv1-optional.yaml │ ├── ecr-image-scan-on-push.tf │ ├── ecr-image-scan-on-push.yaml │ ├── eks-insufficient-control-plane-logging.tf │ ├── eks-insufficient-control-plane-logging.yaml │ ├── eks-public-endpoint-enabled.tf │ ├── eks-public-endpoint-enabled.yaml │ ├── elastic-search-encryption-at-rest.tf │ ├── elastic-search-encryption-at-rest.yaml │ ├── iam │ ├── no-iam-admin-privileges.tf │ ├── no-iam-admin-privileges.yaml │ ├── no-iam-creds-exposure.tf │ ├── no-iam-creds-exposure.yaml │ ├── no-iam-data-exfiltration.tf │ ├── no-iam-data-exfiltration.yaml │ ├── no-iam-priv-esc-funcs.tf │ ├── no-iam-priv-esc-funcs.yaml │ ├── no-iam-priv-esc-other-users.tf │ ├── no-iam-priv-esc-other-users.yaml │ ├── no-iam-priv-esc-roles.tf │ ├── no-iam-priv-esc-roles.yaml │ ├── no-iam-resource-exposure.tf │ ├── no-iam-resource-exposure.yaml │ ├── no-iam-star-actions.tf │ └── no-iam-star-actions.yaml │ ├── rds-insecure-password-storage-in-source-code.tf │ ├── rds-insecure-password-storage-in-source-code.yaml │ ├── rds-public-access.tf │ ├── rds-public-access.yaml │ ├── s3-cors-all-origins.tf │ ├── s3-cors-all-origins.yaml │ ├── s3-public-read-bucket.tf │ ├── s3-public-read-bucket.yaml │ ├── s3-public-rw-bucket.tf │ ├── s3-public-rw-bucket.yaml │ ├── s3-unencrypted-bucket.tf │ └── s3-unencrypted-bucket.yaml ├── trusted_python └── dlint-redos-detect.py ├── typescript ├── angular │ └── security │ │ └── audit │ │ ├── angular-domsanitizer.ts │ │ └── angular-domsanitizer.yaml ├── aws-cdk │ └── security │ │ ├── audit │ │ ├── awscdk-bucket-encryption.ts │ │ ├── awscdk-bucket-encryption.yml │ │ ├── awscdk-bucket-enforcessl.ts │ │ ├── awscdk-bucket-enforcessl.yml │ │ ├── awscdk-sqs-unencryptedqueue.ts │ │ └── awscdk-sqs-unencryptedqueue.yml │ │ ├── awscdk-bucket-grantpublicaccessmethod.ts │ │ ├── awscdk-bucket-grantpublicaccessmethod.yml │ │ ├── awscdk-codebuild-project-public.ts │ │ └── awscdk-codebuild-project-public.yml ├── lang │ ├── best-practice │ │ ├── moment-deprecated.tsx │ │ └── moment-deprecated.yaml │ ├── correctness │ │ ├── useless-ternary.tsx │ │ └── useless-ternary.yaml │ └── security │ │ └── audit │ │ ├── cors-regex-wildcard.tsx │ │ └── cors-regex-wildcard.yaml ├── nestjs │ └── security │ │ └── audit │ │ ├── nestjs-header-cors-any.ts │ │ ├── nestjs-header-cors-any.yaml │ │ ├── nestjs-header-xss-disabled.ts │ │ ├── nestjs-header-xss-disabled.yaml │ │ ├── nestjs-open-redirect.ts │ │ └── nestjs-open-redirect.yaml └── react │ ├── best-practice │ ├── define-styled-components-on-module-level.tsx │ ├── define-styled-components-on-module-level.yaml │ ├── react-find-dom.jsx │ ├── react-find-dom.tsx │ ├── react-find-dom.yaml │ ├── react-legacy-component.jsx │ ├── react-legacy-component.tsx │ ├── react-legacy-component.yaml │ ├── react-props-in-state.jsx │ ├── react-props-in-state.tsx │ ├── react-props-in-state.yaml │ ├── react-props-spreading.jsx │ ├── react-props-spreading.tsx │ └── react-props-spreading.yaml │ ├── portability │ └── i18next │ │ ├── i18next-key-format.tsx │ │ ├── i18next-key-format.yaml │ │ ├── jsx-label-not-i18n.tsx │ │ ├── jsx-label-not-i18n.yaml │ │ ├── jsx-not-internationalized.tsx │ │ ├── jsx-not-internationalized.yaml │ │ ├── mui-snackbar-message.tsx │ │ ├── mui-snackbar-message.yaml │ │ ├── useselect-label-not-i18n.tsx │ │ └── useselect-label-not-i18n.yaml │ └── security │ ├── audit │ ├── react-dangerouslysetinnerhtml.jsx │ ├── react-dangerouslysetinnerhtml.tsx │ ├── react-dangerouslysetinnerhtml.yaml │ ├── react-href-var.jsx │ ├── react-href-var.tsx │ ├── react-href-var.yaml │ ├── react-jwt-decoded-property.jsx │ ├── react-jwt-decoded-property.tsx │ ├── react-jwt-decoded-property.yaml │ ├── react-jwt-in-localstorage.jsx │ ├── react-jwt-in-localstorage.tsx │ ├── react-jwt-in-localstorage.yaml │ ├── react-unsanitized-method.jsx │ ├── react-unsanitized-method.tsx │ ├── react-unsanitized-method.yaml │ ├── react-unsanitized-property.jsx │ ├── react-unsanitized-property.tsx │ └── react-unsanitized-property.yaml │ ├── react-insecure-request.jsx │ ├── react-insecure-request.tsx │ ├── react-insecure-request.yaml │ ├── react-markdown-insecure-html.jsx │ ├── react-markdown-insecure-html.tsx │ └── react-markdown-insecure-html.yaml └── yaml ├── argo ├── correctness │ ├── event-binding-payload-with-hyphen.test.yaml │ └── event-binding-payload-with-hyphen.yaml └── security │ ├── argo-workflow-parameter-command-injection.test.yaml │ └── argo-workflow-parameter-command-injection.yaml ├── docker-compose └── security │ ├── exposing-docker-socket-volume.test.yaml │ ├── exposing-docker-socket-volume.yaml │ ├── no-new-privileges.test.yaml │ ├── no-new-privileges.yaml │ ├── privileged-service.test.yaml │ ├── privileged-service.yaml │ ├── seccomp-confinement-disabled.test.yaml │ ├── seccomp-confinement-disabled.yaml │ ├── selinux-separation-disabled.test.yaml │ ├── selinux-separation-disabled.yaml │ ├── writable-filesystem-service.test.yaml │ └── writable-filesystem-service.yaml ├── github-actions ├── security │ ├── allowed-unsecure-commands.test.yaml │ ├── allowed-unsecure-commands.yaml │ ├── audit │ │ ├── unsafe-add-mask-workflow-command.test.yaml │ │ └── unsafe-add-mask-workflow-command.yaml │ ├── curl-eval.test.yaml │ ├── curl-eval.yaml │ ├── detect-shai-hulud-backdoor.yaml │ ├── github-script-injection.test.yaml │ ├── github-script-injection.yaml │ ├── pull-request-target-code-checkout.test.yaml │ ├── pull-request-target-code-checkout.yaml │ ├── run-shell-injection.test.yaml │ ├── run-shell-injection.yaml │ ├── third-party-action-not-pinned-to-commit-sha.test.yml │ ├── third-party-action-not-pinned-to-commit-sha.yml │ ├── workflow-run-target-code-checkout.test.yaml │ └── workflow-run-target-code-checkout.yaml └── semgrep-configuration │ ├── semgrep-github-action-push-without-branches.test.yml │ └── semgrep-github-action-push-without-branches.yml ├── gitlab └── correctness │ ├── changes-with-when-never.test.yaml │ └── changes-with-when-never.yaml ├── kubernetes ├── best-practice │ ├── no-fractional-cpu-limits.fixed.test.yaml │ ├── no-fractional-cpu-limits.test.yaml │ └── no-fractional-cpu-limits.yaml └── security │ ├── allow-privilege-escalation-no-securitycontext.fixed.test.yaml │ ├── allow-privilege-escalation-no-securitycontext.test.yaml │ ├── allow-privilege-escalation-no-securitycontext.yaml │ ├── allow-privilege-escalation-true.fixed.test.yaml │ ├── allow-privilege-escalation-true.test.yaml │ ├── allow-privilege-escalation-true.yaml │ ├── allow-privilege-escalation.fixed.test.yaml │ ├── allow-privilege-escalation.test.yaml │ ├── allow-privilege-escalation.yaml │ ├── env │ ├── flask-debugging-enabled.test.yaml │ └── flask-debugging-enabled.yaml │ ├── exposing-docker-socket-hostpath.test.yaml │ ├── exposing-docker-socket-hostpath.yaml │ ├── hostipc-pod.test.yaml │ ├── hostipc-pod.yaml │ ├── hostnetwork-pod.test.yaml │ ├── hostnetwork-pod.yaml │ ├── hostpid-pod.test.yaml │ ├── hostpid-pod.yaml │ ├── legacy-api-clusterrole-excessive-permissions.test.yaml │ ├── legacy-api-clusterrole-excessive-permissions.yaml │ ├── privileged-container.test.yaml │ ├── privileged-container.yaml │ ├── run-as-non-root-container-level-missing-security-context.fixed.test.yaml │ ├── run-as-non-root-container-level-missing-security-context.test.yaml │ ├── run-as-non-root-container-level-missing-security-context.yaml │ ├── run-as-non-root-container-level.fixed.test.yaml │ ├── run-as-non-root-container-level.test.yaml │ ├── run-as-non-root-container-level.yaml │ ├── run-as-non-root-security-context-pod-level.fixed.test.yaml │ ├── run-as-non-root-security-context-pod-level.test.yaml │ ├── run-as-non-root-security-context-pod-level.yaml │ ├── run-as-non-root-unsafe-value.fixed.test.yaml │ ├── run-as-non-root-unsafe-value.test.yaml │ ├── run-as-non-root-unsafe-value.yaml │ ├── run-as-non-root.fixed.test.yaml │ ├── run-as-non-root.test.yaml │ ├── run-as-non-root.yaml │ ├── seccomp-confinement-disabled.test.yaml │ ├── seccomp-confinement-disabled.yaml │ ├── secrets-in-config-file.test.yaml │ ├── secrets-in-config-file.yaml │ ├── skip-tls-verify-cluster.test.yaml │ ├── skip-tls-verify-cluster.yaml │ ├── skip-tls-verify-service.test.yaml │ ├── skip-tls-verify-service.yaml │ ├── writable-filesystem-container.test.yaml │ └── writable-filesystem-container.yaml ├── openapi └── security │ ├── api-key-in-query-parameter.test.yaml │ ├── api-key-in-query-parameter.yaml │ ├── openai-consequential-action-false.test.yaml │ ├── openai-consequential-action-false.yaml │ ├── use-of-basic-authentication.test.yaml │ └── use-of-basic-authentication.yaml └── semgrep ├── consistency ├── generate_rules.py ├── lang-consistency-bash.yaml ├── lang-consistency-cpp.yaml ├── lang-consistency-csharp.yaml ├── lang-consistency-dockerfile.yaml ├── lang-consistency-elixir.yaml ├── lang-consistency-go.yaml ├── lang-consistency-hcl.yaml ├── lang-consistency-js.yaml ├── lang-consistency-kotlin.yaml ├── lang-consistency-python.yaml ├── lang-consistency-regex.yaml ├── lang-consistency-solidity.yaml └── lang-consistency-ts.yaml ├── duplicate-id.test.yaml ├── duplicate-id.yaml ├── duplicate-pattern.test.yaml ├── duplicate-pattern.yaml ├── empty-message.test.yaml ├── empty-message.yaml ├── interfile-true-under-metadata-and-no-options.fixed.test.yaml ├── interfile-true-under-metadata-and-no-options.test.yaml ├── interfile-true-under-metadata-and-no-options.yaml ├── interfile-true-under-metadata-and-options-already-present.fixed.test.yaml ├── interfile-true-under-metadata-and-options-already-present.test.yaml ├── interfile-true-under-metadata-and-options-already-present.yaml ├── key-indentation.test.yaml ├── key-indentation.yaml ├── message-whitespace.test.yaml ├── message-whitespace.yaml ├── metadata-category.test.yaml ├── metadata-category.yaml ├── metadata-confidence-incorrect-value.test.yaml ├── metadata-confidence-incorrect-value.yaml ├── metadata-confidence.test.yaml ├── metadata-confidence.yaml ├── metadata-cwe-prohibited-or-discouraged.test.yaml ├── metadata-cwe-prohibited-or-discouraged.yaml ├── metadata-cwe.test.yaml ├── metadata-cwe.yaml ├── metadata-deepsemgrep.test.yaml ├── metadata-deepsemgrep.yaml ├── metadata-impact-incorrect-value.test.yaml ├── metadata-impact-incorrect-value.yaml ├── metadata-impact.test.yaml ├── metadata-impact.yaml ├── metadata-incorrect-option.test.yaml ├── metadata-incorrect-option.yaml ├── metadata-license.test.yaml ├── metadata-license.yaml ├── metadata-likelihood-incorrect-value.test.yaml ├── metadata-likelihood-incorrect-value.yaml ├── metadata-likelihood.test.yaml ├── metadata-likelihood.yaml ├── metadata-owasp.test.yaml ├── metadata-owasp.yaml ├── metadata-references.test.yaml ├── metadata-references.yaml ├── metadata-subcategory-incorrect-value.test.yaml ├── metadata-subcategory-incorrect-value.yaml ├── metadata-subcategory.test.yaml ├── metadata-subcategory.yaml ├── metadata-technology.test.yaml ├── metadata-technology.yaml ├── missing-language-field.test.yaml ├── missing-language-field.yaml ├── missing-message-field.test.yaml ├── missing-message-field.yaml ├── multi-line-message.test.yaml ├── multi-line-message.yaml ├── rule-missing-deconstructed-value.test.yaml ├── rule-missing-deconstructed-value.yaml ├── slow-pattern-general-function.test.yaml ├── slow-pattern-general-function.yaml ├── slow-pattern-general-property.test.yaml ├── slow-pattern-general-property.yaml ├── slow-pattern-single-metavariable.test.yaml ├── slow-pattern-single-metavariable.yaml ├── slow-pattern-top-ellipsis.test.yaml ├── slow-pattern-top-ellipsis.yaml ├── unnecessary-parent.test.yaml ├── unnecessary-parent.yaml ├── unsatisfiable.test.yaml └── unsatisfiable.yaml /.codemapignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.codemapignore -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/check.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/ISSUE_TEMPLATE/check.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/rule_bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/ISSUE_TEMPLATE/rule_bug_report.md -------------------------------------------------------------------------------- /.github/scripts/validate-metadata.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/scripts/validate-metadata.py -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/stale.yml -------------------------------------------------------------------------------- /.github/workflows/num-rules.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/workflows/num-rules.yml -------------------------------------------------------------------------------- /.github/workflows/pre-commit.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/workflows/pre-commit.yml -------------------------------------------------------------------------------- /.github/workflows/semgrep-rule-lints.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/workflows/semgrep-rule-lints.yaml -------------------------------------------------------------------------------- /.github/workflows/semgrep-rules-test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/workflows/semgrep-rules-test.yml -------------------------------------------------------------------------------- /.github/workflows/update-semgrep-dev.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.github/workflows/update-semgrep-dev.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.semgrepignore: -------------------------------------------------------------------------------- 1 | template.yaml 2 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/Makefile -------------------------------------------------------------------------------- /Pipfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/Pipfile -------------------------------------------------------------------------------- /Pipfile.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/Pipfile.lock -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/SECURITY.md -------------------------------------------------------------------------------- /ai/csharp/detect-openai.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/csharp/detect-openai.cs -------------------------------------------------------------------------------- /ai/csharp/detect-openai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/csharp/detect-openai.yaml -------------------------------------------------------------------------------- /ai/dart/detect-gemini.dart: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/dart/detect-gemini.dart -------------------------------------------------------------------------------- /ai/dart/detect-gemini.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/dart/detect-gemini.yaml -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-anthprop.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-anthprop.txt -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-anthprop.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-anthprop.yaml -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-api.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-api.js -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-api.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-api.yaml -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-gem.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-gem.html -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-gem.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-gem.yaml -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-oai.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-oai.txt -------------------------------------------------------------------------------- /ai/generic/detect-generic-ai-oai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/generic/detect-generic-ai-oai.yaml -------------------------------------------------------------------------------- /ai/go/detect-gemini.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/go/detect-gemini.go -------------------------------------------------------------------------------- /ai/go/detect-gemini.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/go/detect-gemini.yaml -------------------------------------------------------------------------------- /ai/go/detect-openai.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/go/detect-openai.go -------------------------------------------------------------------------------- /ai/go/detect-openai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/go/detect-openai.yaml -------------------------------------------------------------------------------- /ai/kotlin/detect-gemini.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/kotlin/detect-gemini.kt -------------------------------------------------------------------------------- /ai/kotlin/detect-gemini.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/kotlin/detect-gemini.yaml -------------------------------------------------------------------------------- /ai/python/detect-anthropic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-anthropic.py -------------------------------------------------------------------------------- /ai/python/detect-anthropic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-anthropic.yaml -------------------------------------------------------------------------------- /ai/python/detect-gemini.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-gemini.py -------------------------------------------------------------------------------- /ai/python/detect-gemini.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-gemini.yaml -------------------------------------------------------------------------------- /ai/python/detect-huggingface.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-huggingface.py -------------------------------------------------------------------------------- /ai/python/detect-huggingface.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-huggingface.yaml -------------------------------------------------------------------------------- /ai/python/detect-langchain.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-langchain.py -------------------------------------------------------------------------------- /ai/python/detect-langchain.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-langchain.yaml -------------------------------------------------------------------------------- /ai/python/detect-mistral.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-mistral.py -------------------------------------------------------------------------------- /ai/python/detect-mistral.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-mistral.yaml -------------------------------------------------------------------------------- /ai/python/detect-openai.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-openai.py -------------------------------------------------------------------------------- /ai/python/detect-openai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-openai.yaml -------------------------------------------------------------------------------- /ai/python/detect-pytorch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-pytorch.py -------------------------------------------------------------------------------- /ai/python/detect-pytorch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-pytorch.yaml -------------------------------------------------------------------------------- /ai/python/detect-tensorflow.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-tensorflow.py -------------------------------------------------------------------------------- /ai/python/detect-tensorflow.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/python/detect-tensorflow.yaml -------------------------------------------------------------------------------- /ai/swift/detect-apple-core-ml.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/swift/detect-apple-core-ml.swift -------------------------------------------------------------------------------- /ai/swift/detect-apple-core-ml.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/swift/detect-apple-core-ml.yaml -------------------------------------------------------------------------------- /ai/swift/detect-gemini.swift: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/swift/detect-gemini.swift -------------------------------------------------------------------------------- /ai/swift/detect-gemini.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/swift/detect-gemini.yaml -------------------------------------------------------------------------------- /ai/typescript/detect-anthropic.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-anthropic.ts -------------------------------------------------------------------------------- /ai/typescript/detect-anthropic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-anthropic.yaml -------------------------------------------------------------------------------- /ai/typescript/detect-gemini.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-gemini.ts -------------------------------------------------------------------------------- /ai/typescript/detect-gemini.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-gemini.yaml -------------------------------------------------------------------------------- /ai/typescript/detect-mistral.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-mistral.ts -------------------------------------------------------------------------------- /ai/typescript/detect-mistral.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-mistral.yaml -------------------------------------------------------------------------------- /ai/typescript/detect-openai.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-openai.ts -------------------------------------------------------------------------------- /ai/typescript/detect-openai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-openai.yaml -------------------------------------------------------------------------------- /ai/typescript/detect-promptfoo.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-promptfoo.ts -------------------------------------------------------------------------------- /ai/typescript/detect-promptfoo.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-promptfoo.yaml -------------------------------------------------------------------------------- /ai/typescript/detect-vercel-ai.ts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-vercel-ai.ts -------------------------------------------------------------------------------- /ai/typescript/detect-vercel-ai.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ai/typescript/detect-vercel-ai.yaml -------------------------------------------------------------------------------- /bash/curl/security/curl-eval.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/curl/security/curl-eval.bash -------------------------------------------------------------------------------- /bash/curl/security/curl-eval.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/curl/security/curl-eval.yaml -------------------------------------------------------------------------------- /bash/curl/security/curl-pipe-bash.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/curl/security/curl-pipe-bash.bash -------------------------------------------------------------------------------- /bash/curl/security/curl-pipe-bash.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/curl/security/curl-pipe-bash.yaml -------------------------------------------------------------------------------- /bash/lang/best-practice/useless-cat.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/lang/best-practice/useless-cat.bash -------------------------------------------------------------------------------- /bash/lang/best-practice/useless-cat.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/lang/best-practice/useless-cat.yaml -------------------------------------------------------------------------------- /bash/lang/correctness/unquoted-expansion.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/lang/correctness/unquoted-expansion.bash -------------------------------------------------------------------------------- /bash/lang/correctness/unquoted-expansion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/lang/correctness/unquoted-expansion.yaml -------------------------------------------------------------------------------- /bash/lang/security/ifs-tampering.bash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/lang/security/ifs-tampering.bash -------------------------------------------------------------------------------- /bash/lang/security/ifs-tampering.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/bash/lang/security/ifs-tampering.yaml -------------------------------------------------------------------------------- /c/lang/correctness/c-string-equality.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/c-string-equality.c -------------------------------------------------------------------------------- /c/lang/correctness/c-string-equality.fixed.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/c-string-equality.fixed.c -------------------------------------------------------------------------------- /c/lang/correctness/c-string-equality.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/c-string-equality.yaml -------------------------------------------------------------------------------- /c/lang/correctness/goto-fail.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/goto-fail.c -------------------------------------------------------------------------------- /c/lang/correctness/goto-fail.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/goto-fail.yaml -------------------------------------------------------------------------------- /c/lang/correctness/incorrect-use-ato-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/incorrect-use-ato-fn.c -------------------------------------------------------------------------------- /c/lang/correctness/incorrect-use-ato-fn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/incorrect-use-ato-fn.yaml -------------------------------------------------------------------------------- /c/lang/correctness/incorrect-use-sscanf-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/correctness/incorrect-use-sscanf-fn.c -------------------------------------------------------------------------------- /c/lang/security/double-free.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/double-free.c -------------------------------------------------------------------------------- /c/lang/security/double-free.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/double-free.yaml -------------------------------------------------------------------------------- /c/lang/security/function-use-after-free.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/function-use-after-free.c -------------------------------------------------------------------------------- /c/lang/security/function-use-after-free.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/function-use-after-free.yaml -------------------------------------------------------------------------------- /c/lang/security/insecure-use-gets-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-gets-fn.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-gets-fn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-gets-fn.yaml -------------------------------------------------------------------------------- /c/lang/security/insecure-use-memset.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-memset.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-memset.fixed.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-memset.fixed.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-memset.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-memset.yaml -------------------------------------------------------------------------------- /c/lang/security/insecure-use-printf-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-printf-fn.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-printf-fn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-printf-fn.yaml -------------------------------------------------------------------------------- /c/lang/security/insecure-use-scanf-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-scanf-fn.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-scanf-fn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-scanf-fn.yaml -------------------------------------------------------------------------------- /c/lang/security/insecure-use-strcat-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-strcat-fn.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-strcat-fn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-strcat-fn.yaml -------------------------------------------------------------------------------- /c/lang/security/insecure-use-string-copy-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-string-copy-fn.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-strtok-fn.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-strtok-fn.c -------------------------------------------------------------------------------- /c/lang/security/insecure-use-strtok-fn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/insecure-use-strtok-fn.yaml -------------------------------------------------------------------------------- /c/lang/security/random-fd-exhaustion.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/random-fd-exhaustion.c -------------------------------------------------------------------------------- /c/lang/security/random-fd-exhaustion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/random-fd-exhaustion.yaml -------------------------------------------------------------------------------- /c/lang/security/use-after-free.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/use-after-free.c -------------------------------------------------------------------------------- /c/lang/security/use-after-free.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/c/lang/security/use-after-free.yaml -------------------------------------------------------------------------------- /clojure/lang/security/use-of-md5.clj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/clojure/lang/security/use-of-md5.clj -------------------------------------------------------------------------------- /clojure/lang/security/use-of-md5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/clojure/lang/security/use-of-md5.yaml -------------------------------------------------------------------------------- /clojure/lang/security/use-of-sha1.clj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/clojure/lang/security/use-of-sha1.clj -------------------------------------------------------------------------------- /clojure/lang/security/use-of-sha1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/clojure/lang/security/use-of-sha1.yaml -------------------------------------------------------------------------------- /csharp/dotnet/security/use_ecb_mode.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/dotnet/security/use_ecb_mode.cs -------------------------------------------------------------------------------- /csharp/dotnet/security/use_ecb_mode.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/dotnet/security/use_ecb_mode.yaml -------------------------------------------------------------------------------- /csharp/lang/security/injections/os-command.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/injections/os-command.cs -------------------------------------------------------------------------------- /csharp/lang/security/missing-hsts-header.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/missing-hsts-header.cs -------------------------------------------------------------------------------- /csharp/lang/security/missing-hsts-header.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/missing-hsts-header.yaml -------------------------------------------------------------------------------- /csharp/lang/security/open-redirect.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/open-redirect.cs -------------------------------------------------------------------------------- /csharp/lang/security/open-redirect.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/open-redirect.yaml -------------------------------------------------------------------------------- /csharp/lang/security/sqli/csharp-sqli.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/sqli/csharp-sqli.cs -------------------------------------------------------------------------------- /csharp/lang/security/sqli/csharp-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/sqli/csharp-sqli.yaml -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/http-client.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/http-client.cs -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/http-client.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/http-client.yaml -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/rest-client.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/rest-client.cs -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/rest-client.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/rest-client.yaml -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/web-client.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/web-client.cs -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/web-client.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/web-client.yaml -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/web-request.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/web-request.cs -------------------------------------------------------------------------------- /csharp/lang/security/ssrf/web-request.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/ssrf/web-request.yaml -------------------------------------------------------------------------------- /csharp/lang/security/stacktrace-disclosure.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/lang/security/stacktrace-disclosure.cs -------------------------------------------------------------------------------- /csharp/razor/security/html-raw-json.cshtml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/razor/security/html-raw-json.cshtml -------------------------------------------------------------------------------- /csharp/razor/security/html-raw-json.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/csharp/razor/security/html-raw-json.yaml -------------------------------------------------------------------------------- /dockerfile/best-practice/prefer-apt-get.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/best-practice/prefer-apt-get.yaml -------------------------------------------------------------------------------- /dockerfile/best-practice/set-pipefail.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/best-practice/set-pipefail.yaml -------------------------------------------------------------------------------- /dockerfile/best-practice/use-workdir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/best-practice/use-workdir.yaml -------------------------------------------------------------------------------- /dockerfile/correctness/invalid-port.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/correctness/invalid-port.yaml -------------------------------------------------------------------------------- /dockerfile/security/dockerd-socket-mount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/security/dockerd-socket-mount.yaml -------------------------------------------------------------------------------- /dockerfile/security/last-user-is-root.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/security/last-user-is-root.yaml -------------------------------------------------------------------------------- /dockerfile/security/missing-user.dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/security/missing-user.dockerfile -------------------------------------------------------------------------------- /dockerfile/security/missing-user.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/security/missing-user.yaml -------------------------------------------------------------------------------- /dockerfile/security/secret-in-build-arg.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/dockerfile/security/secret-in-build-arg.yaml -------------------------------------------------------------------------------- /elixir/lang/best-practice/deprecated-bxor-operator.exs: -------------------------------------------------------------------------------- 1 | # ruleid: deprecated_bxor_operator 2 | 1 ^^^ 0 3 | -------------------------------------------------------------------------------- /elixir/lang/best-practice/deprecated-bxor-operator.fixed.exs: -------------------------------------------------------------------------------- 1 | # ruleid: deprecated_bxor_operator 2 | Bitwise.bxor(1, 0) 3 | -------------------------------------------------------------------------------- /elixir/lang/best-practice/enum-map-into.exs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/elixir/lang/best-practice/enum-map-into.exs -------------------------------------------------------------------------------- /elixir/lang/best-practice/enum-map-into.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/elixir/lang/best-practice/enum-map-into.yaml -------------------------------------------------------------------------------- /elixir/lang/best-practice/enum-map-join.exs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/elixir/lang/best-practice/enum-map-join.exs -------------------------------------------------------------------------------- /elixir/lang/best-practice/enum-map-join.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/elixir/lang/best-practice/enum-map-join.yaml -------------------------------------------------------------------------------- /elixir/lang/correctness/atom-exhaustion.exs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/elixir/lang/correctness/atom-exhaustion.exs -------------------------------------------------------------------------------- /elixir/lang/correctness/atom-exhaustion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/elixir/lang/correctness/atom-exhaustion.yaml -------------------------------------------------------------------------------- /generic/ci/audit/changed-semgrepignore.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/ci/audit/changed-semgrepignore.yaml -------------------------------------------------------------------------------- /generic/ci/security/bash-reverse-shell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/ci/security/bash-reverse-shell.yaml -------------------------------------------------------------------------------- /generic/nginx/security/header-injection.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/header-injection.conf -------------------------------------------------------------------------------- /generic/nginx/security/header-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/header-injection.yaml -------------------------------------------------------------------------------- /generic/nginx/security/insecure-redirect.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/insecure-redirect.yaml -------------------------------------------------------------------------------- /generic/nginx/security/missing-internal.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/missing-internal.conf -------------------------------------------------------------------------------- /generic/nginx/security/missing-internal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/missing-internal.yaml -------------------------------------------------------------------------------- /generic/nginx/security/request-host-used.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/request-host-used.conf -------------------------------------------------------------------------------- /generic/nginx/security/request-host-used.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/nginx/security/request-host-used.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/adafruit-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/adafruit-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/adobe-client-id.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/adobe-client-id.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/adobe-client-id.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/adobe-client-id.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/age-secret-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/age-secret-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/age-secret-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/age-secret-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/airtable-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/airtable-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/algolia-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/algolia-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/algolia-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/algolia-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/asana-client-id.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/asana-client-id.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/asana-client-id.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/asana-client-id.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/aws-access-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/aws-access-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/beamer-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/beamer-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/clojars-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/clojars-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/digitalocean-pat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/digitalocean-pat.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/discord-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/discord-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/discord-client-id.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/discord-client-id.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/doppler-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/doppler-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/dropbox-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/dropbox-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/duffel-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/duffel-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/etsy-access-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/etsy-access-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/facebook-secret.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/facebook-secret.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/facebook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/facebook.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/facebook.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/facebook.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/fastly-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/fastly-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/frameio-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/frameio-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gcp-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gcp-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gcp-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gcp-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/generic-api-key.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/generic-api-key.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/generic-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/generic-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/github-app-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/github-app-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/github-oauth.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/github-oauth.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/github-oauth.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/github-oauth.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/github-pat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/github-pat.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/github-pat.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/github-pat.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gitlab-pat.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gitlab-pat.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gitlab-pat.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gitlab-pat.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gitlab-ptt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gitlab-ptt.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gitlab-ptt.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gitlab-ptt.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gitlab-rrt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gitlab-rrt.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/gitlab-rrt.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/gitlab-rrt.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/grafana-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/grafana-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/grafana-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/grafana-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/harness-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/harness-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/heroku-api-key.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/heroku-api-key.js -------------------------------------------------------------------------------- /generic/secrets/gitleaks/heroku-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/heroku-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/hubspot-api-key.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/hubspot-api-key.js -------------------------------------------------------------------------------- /generic/secrets/gitleaks/hubspot-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/hubspot-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/infracost-api-token.txt: -------------------------------------------------------------------------------- 1 | // ruleid: infracost-api-token 2 | ico-l3kosWUVivF5TKFCWjMNVLppIkxPo4op 3 | -------------------------------------------------------------------------------- /generic/secrets/gitleaks/intercom-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/intercom-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/jfrog-api-key.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/jfrog-api-key.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/jfrog-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/jfrog-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/jwt-base64.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/jwt-base64.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/jwt-base64.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/jwt-base64.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/jwt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/jwt.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/jwt.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/jwt.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/kucoin-secret-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/kucoin-secret-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/linear-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/linear-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/linear-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/linear-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/lob-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/lob-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/lob-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/lob-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/lob-pub-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/lob-pub-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/lob-pub-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/lob-pub-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/mailchimp-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/mailchimp-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/mailgun-pub-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/mailgun-pub-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/mailgun-pub-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/mailgun-pub-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/mapbox-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/mapbox-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/npm-access-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/npm-access-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/okta-access-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/okta-access-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/openai-api-key.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/openai-api-key.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/openai-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/openai-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/plaid-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/plaid-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/plaid-api-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/plaid-api-token.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/plaid-client-id.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/plaid-client-id.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/plaid-client-id.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/plaid-client-id.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/plaid-secret-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/plaid-secret-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/postman-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/postman-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/prefect-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/prefect-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/private-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/private-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/private-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/private-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/pulumi-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/pulumi-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/pypi-upload-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/pypi-upload-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/readme-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/readme-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/shippo-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/shippo-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/sidekiq-secret.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/sidekiq-secret.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/sidekiq-secret.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/sidekiq-secret.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/slack-app-token.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/slack-app-token.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/slack-app-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/slack-app-token.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/slack-bot-token.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/slack-bot-token.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/slack-bot-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/slack-bot-token.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/slack-user-token.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/slack-user-token.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/slack-web-hook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/slack-web-hook.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/snyk-api-token.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/snyk-api-token.txt -------------------------------------------------------------------------------- /generic/secrets/gitleaks/snyk-api-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/snyk-api-token.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/twilio-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/twilio-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/twilio-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/twilio-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/twitch-api-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/twitch-api-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/twitter-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/twitter-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/twitter-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/twitter-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/gitleaks/vault-batch-token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/vault-batch-token.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/yandex-api-key.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/yandex-api-key.go -------------------------------------------------------------------------------- /generic/secrets/gitleaks/yandex-api-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/secrets/gitleaks/yandex-api-key.yaml -------------------------------------------------------------------------------- /generic/secrets/security/detected-kolide-api-key.txt: -------------------------------------------------------------------------------- 1 | # ruleid: detected-kolide-api-key 2 | k2sk_v1_K2UYhW7OPt2jKKLqmFacGNK7 3 | -------------------------------------------------------------------------------- /generic/secrets/security/detected-mailgun-api-key.txt: -------------------------------------------------------------------------------- 1 | # ruleid: detected-mailgun-api-key 2 | key-e98f02fb71f9ee886e96588012341ca0 3 | -------------------------------------------------------------------------------- /generic/secrets/security/google-maps-apikeyleak.generic: -------------------------------------------------------------------------------- 1 | # ruleid: google-maps-apikeyleak 2 | AIzaSyAOVYRIgupAurZup5y1PRh8Ismb1A3lLao 3 | -------------------------------------------------------------------------------- /generic/unicode/security/bidi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/unicode/security/bidi.py -------------------------------------------------------------------------------- /generic/unicode/security/bidi.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/generic/unicode/security/bidi.yml -------------------------------------------------------------------------------- /go/aws-lambda/security/database-sqli.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/aws-lambda/security/database-sqli.go -------------------------------------------------------------------------------- /go/aws-lambda/security/database-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/aws-lambda/security/database-sqli.yaml -------------------------------------------------------------------------------- /go/aws-lambda/security/tainted-sql-string.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/aws-lambda/security/tainted-sql-string.go -------------------------------------------------------------------------------- /go/jwt-go/security/jwt-none-alg.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/jwt-go/security/jwt-none-alg.go -------------------------------------------------------------------------------- /go/jwt-go/security/jwt-none-alg.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/jwt-go/security/jwt-none-alg.yaml -------------------------------------------------------------------------------- /go/jwt-go/security/jwt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/jwt-go/security/jwt.go -------------------------------------------------------------------------------- /go/jwt-go/security/jwt.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/jwt-go/security/jwt.yaml -------------------------------------------------------------------------------- /go/lang/best-practice/hidden-goroutine.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/best-practice/hidden-goroutine.go -------------------------------------------------------------------------------- /go/lang/best-practice/hidden-goroutine.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/best-practice/hidden-goroutine.yaml -------------------------------------------------------------------------------- /go/lang/correctness/dos/zip_bomb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/dos/zip_bomb.go -------------------------------------------------------------------------------- /go/lang/correctness/dos/zlib_bomb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/dos/zlib_bomb.go -------------------------------------------------------------------------------- /go/lang/correctness/looppointer.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/looppointer.go -------------------------------------------------------------------------------- /go/lang/correctness/looppointer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/looppointer.yaml -------------------------------------------------------------------------------- /go/lang/correctness/overflow/overflow.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/overflow/overflow.go -------------------------------------------------------------------------------- /go/lang/correctness/overflow/overflow.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/overflow/overflow.yaml -------------------------------------------------------------------------------- /go/lang/correctness/use-filepath-join.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/use-filepath-join.go -------------------------------------------------------------------------------- /go/lang/correctness/use-filepath-join.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/use-filepath-join.yaml -------------------------------------------------------------------------------- /go/lang/correctness/useless-eqeq.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/useless-eqeq.go -------------------------------------------------------------------------------- /go/lang/correctness/useless-eqeq.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/correctness/useless-eqeq.yaml -------------------------------------------------------------------------------- /go/lang/maintainability/useless-ifelse.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/maintainability/useless-ifelse.go -------------------------------------------------------------------------------- /go/lang/maintainability/useless-ifelse.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/maintainability/useless-ifelse.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/bad_imports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/bad_imports.go -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/insecure_ssh.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/insecure_ssh.go -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/math_random.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/math_random.go -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/sha224-hash.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/sha224-hash.go -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/ssl.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/ssl.go -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/ssl.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/ssl.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/tls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/tls.go -------------------------------------------------------------------------------- /go/lang/security/audit/crypto/tls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/crypto/tls.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/dangerous-exec-cmd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/dangerous-exec-cmd.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/bind_all.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/bind_all.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/bind_all.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/bind_all.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/net/pprof.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/pprof.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/pprof.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/pprof.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/net/pprof_good.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/pprof_good.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/pprof_good2.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/pprof_good2.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/use-tls.fixed.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/use-tls.fixed.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/use-tls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/use-tls.go -------------------------------------------------------------------------------- /go/lang/security/audit/net/use-tls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/net/use-tls.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/reflect-makefunc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/reflect-makefunc.go -------------------------------------------------------------------------------- /go/lang/security/audit/reflect-makefunc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/reflect-makefunc.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/gosql-sqli.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/gosql-sqli.go -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/gosql-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/gosql-sqli.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/pg-orm-sqli.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/pg-orm-sqli.go -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/pg-orm-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/pg-orm-sqli.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/pg-sqli.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/pg-sqli.go -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/pg-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/pg-sqli.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/pgx-sqli.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/pgx-sqli.go -------------------------------------------------------------------------------- /go/lang/security/audit/sqli/pgx-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/sqli/pgx-sqli.yaml -------------------------------------------------------------------------------- /go/lang/security/audit/unsafe.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/unsafe.go -------------------------------------------------------------------------------- /go/lang/security/audit/unsafe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/audit/unsafe.yaml -------------------------------------------------------------------------------- /go/lang/security/bad_tmp.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/bad_tmp.go -------------------------------------------------------------------------------- /go/lang/security/bad_tmp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/bad_tmp.yaml -------------------------------------------------------------------------------- /go/lang/security/decompression_bomb.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/decompression_bomb.go -------------------------------------------------------------------------------- /go/lang/security/decompression_bomb.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/decompression_bomb.yaml -------------------------------------------------------------------------------- /go/lang/security/filepath-clean-misuse.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/filepath-clean-misuse.go -------------------------------------------------------------------------------- /go/lang/security/filepath-clean-misuse.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/filepath-clean-misuse.yaml -------------------------------------------------------------------------------- /go/lang/security/injection/open-redirect.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/injection/open-redirect.go -------------------------------------------------------------------------------- /go/lang/security/injection/open-redirect.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/injection/open-redirect.yaml -------------------------------------------------------------------------------- /go/lang/security/injection/raw-html-format.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/injection/raw-html-format.go -------------------------------------------------------------------------------- /go/lang/security/reverseproxy-director.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/reverseproxy-director.go -------------------------------------------------------------------------------- /go/lang/security/reverseproxy-director.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/reverseproxy-director.yaml -------------------------------------------------------------------------------- /go/lang/security/zip.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/zip.go -------------------------------------------------------------------------------- /go/lang/security/zip.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/lang/security/zip.yaml -------------------------------------------------------------------------------- /go/otto/security/audit/dangerous-execution.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/otto/security/audit/dangerous-execution.go -------------------------------------------------------------------------------- /go/template/security/insecure-types.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/template/security/insecure-types.go -------------------------------------------------------------------------------- /go/template/security/insecure-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/template/security/insecure-types.yaml -------------------------------------------------------------------------------- /go/template/security/ssti.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/template/security/ssti.go -------------------------------------------------------------------------------- /go/template/security/ssti.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/go/template/security/ssti.yaml -------------------------------------------------------------------------------- /html/best-practice/robots-denied.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/best-practice/robots-denied.html -------------------------------------------------------------------------------- /html/best-practice/robots-denied.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/best-practice/robots-denied.yaml -------------------------------------------------------------------------------- /html/correctness/https-equiv.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/correctness/https-equiv.html -------------------------------------------------------------------------------- /html/correctness/https-equiv.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/correctness/https-equiv.yaml -------------------------------------------------------------------------------- /html/security/audit/eval-detected.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/security/audit/eval-detected.html -------------------------------------------------------------------------------- /html/security/audit/eval-detected.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/security/audit/eval-detected.yaml -------------------------------------------------------------------------------- /html/security/audit/missing-integrity.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/security/audit/missing-integrity.html -------------------------------------------------------------------------------- /html/security/audit/missing-integrity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/security/audit/missing-integrity.yaml -------------------------------------------------------------------------------- /html/security/plaintext-http-link.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/security/plaintext-http-link.html -------------------------------------------------------------------------------- /html/security/plaintext-http-link.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/html/security/plaintext-http-link.yaml -------------------------------------------------------------------------------- /java/android/security/exported_activity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/android/security/exported_activity.yaml -------------------------------------------------------------------------------- /java/aws-lambda/security/tainted-sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/aws-lambda/security/tainted-sqli.java -------------------------------------------------------------------------------- /java/aws-lambda/security/tainted-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/aws-lambda/security/tainted-sqli.yaml -------------------------------------------------------------------------------- /java/java-jwt/security/jwt-hardcode.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/java-jwt/security/jwt-hardcode.java -------------------------------------------------------------------------------- /java/java-jwt/security/jwt-hardcode.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/java-jwt/security/jwt-hardcode.yaml -------------------------------------------------------------------------------- /java/java-jwt/security/jwt-none-alg.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/java-jwt/security/jwt-none-alg.java -------------------------------------------------------------------------------- /java/java-jwt/security/jwt-none-alg.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/java-jwt/security/jwt-none-alg.yaml -------------------------------------------------------------------------------- /java/jax-rs/security/insecure-resteasy.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jax-rs/security/insecure-resteasy.java -------------------------------------------------------------------------------- /java/jax-rs/security/insecure-resteasy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jax-rs/security/insecure-resteasy.yaml -------------------------------------------------------------------------------- /java/jboss/security/seam-log-injection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jboss/security/seam-log-injection.java -------------------------------------------------------------------------------- /java/jboss/security/seam-log-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jboss/security/seam-log-injection.yaml -------------------------------------------------------------------------------- /java/jboss/security/session_sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jboss/security/session_sqli.java -------------------------------------------------------------------------------- /java/jboss/security/session_sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jboss/security/session_sqli.yaml -------------------------------------------------------------------------------- /java/jjwt/security/jwt-none-alg.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jjwt/security/jwt-none-alg.java -------------------------------------------------------------------------------- /java/jjwt/security/jwt-none-alg.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/jjwt/security/jwt-none-alg.yaml -------------------------------------------------------------------------------- /java/lang/correctness/eqeq.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/correctness/eqeq.java -------------------------------------------------------------------------------- /java/lang/correctness/eqeq.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/correctness/eqeq.yaml -------------------------------------------------------------------------------- /java/lang/correctness/no-string-eqeq.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/correctness/no-string-eqeq.java -------------------------------------------------------------------------------- /java/lang/correctness/no-string-eqeq.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/correctness/no-string-eqeq.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/crypto/weak-rsa.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/crypto/weak-rsa.java -------------------------------------------------------------------------------- /java/lang/security/audit/crypto/weak-rsa.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/crypto/weak-rsa.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/el-injection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/el-injection.java -------------------------------------------------------------------------------- /java/lang/security/audit/el-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/el-injection.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/ldap-injection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/ldap-injection.java -------------------------------------------------------------------------------- /java/lang/security/audit/ldap-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/ldap-injection.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/ognl-injection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/ognl-injection.java -------------------------------------------------------------------------------- /java/lang/security/audit/ognl-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/ognl-injection.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/permissive-cors.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/permissive-cors.java -------------------------------------------------------------------------------- /java/lang/security/audit/permissive-cors.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/permissive-cors.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/jdbc-sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/jdbc-sqli.java -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/jdbc-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/jdbc-sqli.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/jdo-sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/jdo-sqli.java -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/jdo-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/jdo-sqli.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/jpa-sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/jpa-sqli.java -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/jpa-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/jpa-sqli.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/vertx-sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/vertx-sqli.java -------------------------------------------------------------------------------- /java/lang/security/audit/sqli/vertx-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/sqli/vertx-sqli.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/url-rewriting.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/url-rewriting.java -------------------------------------------------------------------------------- /java/lang/security/audit/url-rewriting.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/url-rewriting.yaml -------------------------------------------------------------------------------- /java/lang/security/audit/xml-decoder.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/xml-decoder.java -------------------------------------------------------------------------------- /java/lang/security/audit/xml-decoder.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/audit/xml-decoder.yaml -------------------------------------------------------------------------------- /java/lang/security/do-privileged-use.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/do-privileged-use.java -------------------------------------------------------------------------------- /java/lang/security/do-privileged-use.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/lang/security/do-privileged-use.yaml -------------------------------------------------------------------------------- /java/servlets/security/cookie-setSecure.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/servlets/security/cookie-setSecure.java -------------------------------------------------------------------------------- /java/servlets/security/cookie-setSecure.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/servlets/security/cookie-setSecure.yaml -------------------------------------------------------------------------------- /java/spring/security/audit/spring-sqli.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/spring/security/audit/spring-sqli.java -------------------------------------------------------------------------------- /java/spring/security/audit/spring-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/java/spring/security/audit/spring-sqli.yaml -------------------------------------------------------------------------------- /javascript/aws-lambda/security/knex-sqli.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/aws-lambda/security/knex-sqli.js -------------------------------------------------------------------------------- /javascript/aws-lambda/security/knex-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/aws-lambda/security/knex-sqli.yaml -------------------------------------------------------------------------------- /javascript/aws-lambda/security/mysql-sqli.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/aws-lambda/security/mysql-sqli.js -------------------------------------------------------------------------------- /javascript/aws-lambda/security/pg-sqli.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/aws-lambda/security/pg-sqli.js -------------------------------------------------------------------------------- /javascript/aws-lambda/security/pg-sqli.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/aws-lambda/security/pg-sqli.yaml -------------------------------------------------------------------------------- /javascript/browser/security/dom-based-xss.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/browser/security/dom-based-xss.js -------------------------------------------------------------------------------- /javascript/browser/security/eval-detected.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/browser/security/eval-detected.js -------------------------------------------------------------------------------- /javascript/browser/security/open-redirect.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/browser/security/open-redirect.js -------------------------------------------------------------------------------- /javascript/browser/security/raw-html-join.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/browser/security/raw-html-join.js -------------------------------------------------------------------------------- /javascript/jose/security/jwt-hardcode.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jose/security/jwt-hardcode.js -------------------------------------------------------------------------------- /javascript/jose/security/jwt-hardcode.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jose/security/jwt-hardcode.yaml -------------------------------------------------------------------------------- /javascript/jose/security/jwt-none-alg.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jose/security/jwt-none-alg.js -------------------------------------------------------------------------------- /javascript/jose/security/jwt-none-alg.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jose/security/jwt-none-alg.yaml -------------------------------------------------------------------------------- /javascript/jsonwebtoken/security/example1.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jsonwebtoken/security/example1.js -------------------------------------------------------------------------------- /javascript/jsonwebtoken/security/example2.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jsonwebtoken/security/example2.js -------------------------------------------------------------------------------- /javascript/jsonwebtoken/security/example3.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jsonwebtoken/security/example3.js -------------------------------------------------------------------------------- /javascript/jsonwebtoken/security/example4.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/jsonwebtoken/security/example4.js -------------------------------------------------------------------------------- /javascript/lang/correctness/no-replaceall.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/lang/correctness/no-replaceall.js -------------------------------------------------------------------------------- /javascript/lang/correctness/useless-assign.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/lang/correctness/useless-assign.js -------------------------------------------------------------------------------- /javascript/lang/correctness/useless-eqeq.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/lang/correctness/useless-eqeq.js -------------------------------------------------------------------------------- /javascript/lang/correctness/useless-eqeq.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/lang/correctness/useless-eqeq.yaml -------------------------------------------------------------------------------- /javascript/lang/security/spawn-git-clone.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/lang/security/spawn-git-clone.js -------------------------------------------------------------------------------- /javascript/lang/security/spawn-git-clone.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/lang/security/spawn-git-clone.yaml -------------------------------------------------------------------------------- /javascript/sax/security/audit/sax-xxe.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/sax/security/audit/sax-xxe.js -------------------------------------------------------------------------------- /javascript/sax/security/audit/sax-xxe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/javascript/sax/security/audit/sax-xxe.yaml -------------------------------------------------------------------------------- /json/aws/security/public-s3-bucket.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/json/aws/security/public-s3-bucket.json -------------------------------------------------------------------------------- /json/aws/security/public-s3-bucket.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/json/aws/security/public-s3-bucket.yaml -------------------------------------------------------------------------------- /json/aws/security/wildcard-assume-role.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/json/aws/security/wildcard-assume-role.json -------------------------------------------------------------------------------- /json/aws/security/wildcard-assume-role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/json/aws/security/wildcard-assume-role.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/anonymous-ldap-bind.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/anonymous-ldap-bind.kt -------------------------------------------------------------------------------- /kotlin/lang/security/anonymous-ldap-bind.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/anonymous-ldap-bind.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/bad-hexa-conversion.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/bad-hexa-conversion.kt -------------------------------------------------------------------------------- /kotlin/lang/security/bad-hexa-conversion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/bad-hexa-conversion.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/ecb-cipher.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/ecb-cipher.kt -------------------------------------------------------------------------------- /kotlin/lang/security/ecb-cipher.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/ecb-cipher.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/gcm-detection.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/gcm-detection.kt -------------------------------------------------------------------------------- /kotlin/lang/security/gcm-detection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/gcm-detection.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/no-null-cipher.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/no-null-cipher.kt -------------------------------------------------------------------------------- /kotlin/lang/security/no-null-cipher.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/no-null-cipher.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/unencrypted-socket.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/unencrypted-socket.kt -------------------------------------------------------------------------------- /kotlin/lang/security/unencrypted-socket.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/unencrypted-socket.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/use-of-md5.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/use-of-md5.kt -------------------------------------------------------------------------------- /kotlin/lang/security/use-of-md5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/use-of-md5.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/use-of-sha1.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/use-of-sha1.kt -------------------------------------------------------------------------------- /kotlin/lang/security/use-of-sha1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/use-of-sha1.yaml -------------------------------------------------------------------------------- /kotlin/lang/security/weak-rsa.kt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/weak-rsa.kt -------------------------------------------------------------------------------- /kotlin/lang/security/weak-rsa.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/kotlin/lang/security/weak-rsa.yaml -------------------------------------------------------------------------------- /libsonnet/metadata/cwe.libsonnet: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/libsonnet/metadata/cwe.libsonnet -------------------------------------------------------------------------------- /metadata-schema.yaml.schm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/metadata-schema.yaml.schm -------------------------------------------------------------------------------- /ocaml/lang/best-practice/bool.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/bool.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/bool.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/bool.yaml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/exception.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/exception.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/exception.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/exception.yaml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/hashtbl.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/hashtbl.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/hashtbl.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/hashtbl.yaml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/ifs.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/ifs.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/ifs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/ifs.yaml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/list.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/list.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/list.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/list.yaml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/ref.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/ref.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/ref.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/ref.yaml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/string.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/string.ml -------------------------------------------------------------------------------- /ocaml/lang/best-practice/string.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/best-practice/string.yaml -------------------------------------------------------------------------------- /ocaml/lang/compatibility/deprecated.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/compatibility/deprecated.ml -------------------------------------------------------------------------------- /ocaml/lang/compatibility/deprecated.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/compatibility/deprecated.yaml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-compare.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-compare.ml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-compare.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-compare.yaml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-eq.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-eq.ml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-eq.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-eq.yaml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-if.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-if.ml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-if.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-if.yaml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-let.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-let.ml -------------------------------------------------------------------------------- /ocaml/lang/correctness/useless-let.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/correctness/useless-let.yaml -------------------------------------------------------------------------------- /ocaml/lang/performance/list.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/performance/list.ml -------------------------------------------------------------------------------- /ocaml/lang/performance/list.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/performance/list.yaml -------------------------------------------------------------------------------- /ocaml/lang/portability/crlf-support.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/portability/crlf-support.ml -------------------------------------------------------------------------------- /ocaml/lang/portability/crlf-support.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/portability/crlf-support.yaml -------------------------------------------------------------------------------- /ocaml/lang/portability/slash-tmp.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/portability/slash-tmp.ml -------------------------------------------------------------------------------- /ocaml/lang/portability/slash-tmp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/portability/slash-tmp.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/digest.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/digest.ml -------------------------------------------------------------------------------- /ocaml/lang/security/digest.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/digest.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/exec.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/exec.ml -------------------------------------------------------------------------------- /ocaml/lang/security/exec.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/exec.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/filenameconcat.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/filenameconcat.ml -------------------------------------------------------------------------------- /ocaml/lang/security/filenameconcat.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/filenameconcat.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/hashtable-dos.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/hashtable-dos.ml -------------------------------------------------------------------------------- /ocaml/lang/security/hashtable-dos.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/hashtable-dos.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/marshal.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/marshal.ml -------------------------------------------------------------------------------- /ocaml/lang/security/marshal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/marshal.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/tempfile.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/tempfile.ml -------------------------------------------------------------------------------- /ocaml/lang/security/tempfile.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/tempfile.yaml -------------------------------------------------------------------------------- /ocaml/lang/security/unsafe.ml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/unsafe.ml -------------------------------------------------------------------------------- /ocaml/lang/security/unsafe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/ocaml/lang/security/unsafe.yaml -------------------------------------------------------------------------------- /php/lang/security/assert-use.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/php/lang/security/assert-use.php -------------------------------------------------------------------------------- /php/lang/security/assert-use.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/php/lang/security/assert-use.yaml -------------------------------------------------------------------------------- /php/lang/security/audit/assert-use-audit.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/php/lang/security/audit/assert-use-audit.php -------------------------------------------------------------------------------- /php/lang/security/audit/assert-use-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/php/lang/security/audit/assert-use-audit.yaml -------------------------------------------------------------------------------- /php/lang/security/audit/sha224-hash.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/php/lang/security/audit/sha224-hash.php -------------------------------------------------------------------------------- /php/lang/security/audit/sha224-hash.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgrep/semgrep-rules/HEAD/php/lang/security/audit/sha224-hash.yaml -------------------------------------------------------------------------------- /php/lang/security/backticks-use.php: -------------------------------------------------------------------------------- 1 |